CVE-2025-34189
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-19

Last updated on: 2025-10-02

Assigner: VulnCheck

Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability.Β This vulnerability has been identified by the vendor as:Β V-2022-004 β€” Client Inter-process Security.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-19
Last Modified
2025-10-02
Generated
2026-06-16
AI Q&A
2025-09-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-34189
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
vasion virtual_appliance_application to 20.0.1330 (exc)
vasion virtual_appliance_host to 1.0.735 (exc)
apple macos *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
CWE-922 The product stores sensitive information without properly limiting read or write access by unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Vasion Print (formerly PrinterLogic) involves insecure inter-process communication (IPC) where request and response files are stored with world-readable and world-writable permissions. This allows any local user to create malicious request files that privileged daemons process, leading to unauthorized actions in other user sessions. Essentially, it breaks user session isolation and enables local attackers to hijack sessions and perform actions as other users. [1]

Mitigation Strategies

Immediate mitigation steps include restricting the permissions of the IPC files in /opt/PrinterInstallerClient/tmp to prevent world-readable and world-writable access. This can be done by changing the permissions to allow access only to the necessary users or processes. Additionally, upgrading Vasion Print Virtual Appliance Host to version 1.0.735 or later, or the Application to version 20.0.1330 or later, will address the vulnerability as these versions contain the fix. [1]

Impact Analysis

The vulnerability can impact you by allowing a local attacker to hijack user sessions and execute unauthorized actions in the context of other users. This compromises system integrity and availability, potentially leading to privilege escalation and unauthorized access to sensitive operations within the affected system. [1]

Detection Guidance

You can detect this vulnerability by checking the permissions of the IPC request and response files located in /opt/PrinterInstallerClient/tmp. Specifically, look for files with world-readable and world-writable permissions. For example, on a Linux or macOS system, you can run the command: ls -l /opt/PrinterInstallerClient/tmp to list the permissions of the files in that directory and identify insecure permission settings. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34189. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart