Login Sign Up

CVE-2025-34195

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

This vulnerability allows remote code execution on Windows systems running vulnerable versions of Vasion Print (formerly PrinterLogic). Attackers can exploit unquoted program paths during driver installation to execute arbitrary code with elevated privileges, potentially compromising affected endpoints. Organizations using Vasion Print Virtual Appliance Host versions before 1.0.735 or Application versions before 20.0.1330 on Windows are affected.

💻 Affected Systems

Products:
  • Vasion Print (formerly PrinterLogic) Virtual Appliance Host
  • Vasion Print (formerly PrinterLogic) Application
Versions: Virtual Appliance Host versions prior to 1.0.735, Application versions prior to 20.0.1330
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Windows client deployments specifically; vulnerability exists in PrinterInstallerClient driver-installation component.

📦 What is this software?

Virtual Appliance Application by Vasion

View all CVEs affecting Virtual Appliance Application →

Virtual Appliance Host by Vasion

View all CVEs affecting Virtual Appliance Host →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with administrative privileges, enabling lateral movement, data exfiltration, ransomware deployment, and complete control over affected endpoints.

🟠

Likely Case

Privilege escalation leading to persistent backdoor installation, credential theft, and establishment of foothold for further network exploitation.

🟢

If Mitigated

Limited impact with proper network segmentation, endpoint protection, and least privilege principles in place, potentially containing the attack to isolated segments.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to place malicious executable at specific short-path location; detailed technical analysis available in public references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Virtual Appliance Host 1.0.735 or later, Application 20.0.1330 or later

Vendor Advisory: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Restart Required: Yes

Instructions:

1. Download and install the patched version from official vendor sources. 2. Restart affected systems. 3. Verify installation by checking version numbers.

🔧 Temporary Workarounds

Restrict file creation in vulnerable directories

windows

Apply strict file system permissions to prevent unauthorized file creation in C:\Program Files (x86)\Printer Properties Pro\Printer Installer and parent directories.

icacls "C:\Program Files (x86)\Printer Properties Pro\Printer Installer" /deny Everyone:(OI)(CI)F
icacls "C:\Program Files (x86)\Printer Properties Pro" /deny Everyone:(OI)(CI)F

Monitor for suspicious file creation

windows

Implement file system monitoring for executable creation in vulnerable paths.

🧯 If You Can't Patch

  • Isolate affected systems from critical network segments using firewall rules and network segmentation.
  • Implement application allowlisting to prevent execution of unauthorized binaries from vulnerable directories.

🔍 How to Verify

Check if Vulnerable:

Check installed version of Vasion Print/PrinterLogic software; if Virtual Appliance Host version is below 1.0.735 or Application version is below 20.0.1330, system is vulnerable.

Check Version:

Check application version in Control Panel > Programs and Features or via vendor-specific management console.

Verify Fix Applied:

Confirm installed version meets or exceeds patched versions (1.0.735 for Virtual Appliance Host, 20.0.1330 for Application).

📡 Detection & Monitoring

Log Indicators:

  • Process creation events from C:\Program.exe or similar short-path executables
  • File creation events in C:\Program Files (x86)\Printer Properties Pro\Printer Installer directory
  • Unusual process execution from PrinterInstallerClient component

Network Indicators:

  • Unexpected outbound connections from systems running Vasion Print software
  • Network traffic to/from vulnerable systems during driver installation processes

SIEM Query:

Process Creation where (ImagePath contains "C:\\Program.exe" OR CommandLine contains "Printer Installer") AND ParentImage contains "PrinterInstallerClient"

📊 Metadata

CVE ID: CVE-2025-34195
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-434
EPSS Score: 0.56% exploit probability (67.7th percentile)
Published: September 19, 2025
Last Updated: October 2, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-34195, you might also want to check these:

CVE-2024-52490 10.0

This vulnerability allows attackers to upload arbitrary files, including web shells, to Pathomation ...

Same vulnerability type (CWE-434)
CVE-2024-43160 10.0

CVE-2024-43160 is an unauthenticated arbitrary file upload vulnerability in the BerqWP WordPress plu...

Same vulnerability type (CWE-434)
CVE-2024-8940 10.0

CVE-2024-8940 is a critical unrestricted file upload vulnerability in Scriptcase version 9.4.019 tha...

Same vulnerability type (CWE-434)