CVE-2025-34189

MEDIUM EPSS 13.8%
Published Sep 19, 20259mo ago · Modified Jun 17, 20262w ago
6.9 CVSS 4.0
Medium
Find Similar
Published Sep 19, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability. This vulnerability has been identified by the vendor as: V-2022-004 — Client Inter-process Security.

CVSS Details

Base Score
6.9
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
13.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 2

CWE-732
CWE-922

Affected Products 4

VendorProductVersionRange
vasionvirtual_appliance_application* <20.0.1330
vasionvirtual_appliance_host* <1.0.735
applemacos*any
linuxlinux_kernel*any

References 4

  • help.printerlogic.com https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
    Vendor Advisory
  • help.printerlogic.com https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
    Vendor Advisory
  • pierrekim.github.io https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-lack-auth-communication
    ExploitThird Party Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-interprocess-communication
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.