CVE-2025-34235
HIGHVasion Virtual Appliance Application - Improper Certificate Validation
Title source: ruleDescription
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation. An attacker who can intercept HTTPS traffic can then inject malicious driver DLLs, resulting in remote code execution with SYSTEM privileges; a local attacker can achieve local privilege escalation via a junction‑point DLL injection. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
References (4)
Scores
CVSS v3
7.8
EPSS
0.0058
EPSS Percentile
69.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-295
Status
published
Products (2)
vasion/virtual_appliance_application
< 25.1.1413
vasion/virtual_appliance_host
< 25.1.102
Published
Sep 29, 2025
Tracked Since
Feb 18, 2026