CVE-2025-34189

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-34189
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability. This vulnerability has been identified by the vendor as: V-2022-004 — Client Inter-process Security.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm Vendor Advisory
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm Vendor Advisory
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-lack-auth-communication Exploit Third Party Advisory
https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-interprocess-communication Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*
cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
History

02 Oct 2025, 22:15

Type Values Removed Values Added
Summary (en) Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability. (en) Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability. This vulnerability has been identified by the vendor as: V-2022-004 — Client Inter-process Security.

24 Sep 2025, 19:28

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*
First Time Linux linux Kernel
Vasion virtual Appliance Host
Apple macos
Apple
Linux
Vasion virtual Appliance Application
Vasion
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
References () https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm - () https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm - Vendor Advisory
References () https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm - () https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm - Vendor Advisory
References () https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-lack-auth-communication - () https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-lack-auth-communication - Exploit, Third Party Advisory
References () https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-interprocess-communication - () https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-interprocess-communication - Third Party Advisory

19 Sep 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-09-19 19:15

Updated : 2025-10-02 22:15

NVD link : CVE-2025-34189

Mitre link : CVE-2025-34189

CVE.ORG link : CVE-2025-34189

JSON object : View

Products Affected

linux

  • linux_kernel

apple

  • macos

vasion

  • virtual_appliance_application
  • virtual_appliance_host
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource

CWE-922

Insecure Storage of Sensitive Information