CVE-2025-34194
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-09-29
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vasion | virtual_appliance_application | * |
| vasion | virtual_appliance_host | * |
| microsoft | windows | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-377 | Creating and using insecure temporary files can leave application and system data vulnerable to attack. |
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34194 is a local privilege escalation vulnerability in Vasion Print (formerly PrinterLogic) affecting its Virtual Appliance Host, Print Application, and Windows client deployments. It stems from insecure handling of temporary files: the software creates files as SYSTEM inside a directory controlled by the local user. An attacker can exploit this by placing symbolic links or manipulating filenames in the user's temp directory, causing the service to write files to arbitrary locations with SYSTEM privileges. This allows the attacker to overwrite or create files as SYSTEM, potentially modifying configurations, injecting binaries, or compromising system confidentiality, integrity, and availability. [1]
How can this vulnerability impact me?
This vulnerability can allow a local, unprivileged user to escalate their privileges to SYSTEM level on the affected machine. This means the attacker can modify configuration files, replace or inject malicious binaries, and compromise the confidentiality, integrity, and availability of the system. Essentially, it can lead to full control over the affected system by an attacker who initially has limited access. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking for the presence of Vasion Print (formerly PrinterLogic) software and monitoring the temporary file directory (C:\Users\%USER%\AppData\Local\Temp\) for suspicious symbolic links or unexpected file creations by the PrinterInstallerClient components running as NT AUTHORITY\SYSTEM. Specific commands to detect symbolic links or unusual file activity include using PowerShell commands like 'Get-ChildItem -Path $env:TEMP -Recurse -Attributes ReparsePoint' to find symbolic links in the temp directory, and auditing file creation/modification events in that directory. Additionally, checking running processes and services related to PrinterInstallerClient may help identify exploitation attempts. [1]
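The one-line check above covers only the current user's `$env:TEMP`. The following added example (not from the vendor or the original page) runs the same reparse-point check across every local profile's `AppData\Local\Temp` directory and marks links whose target lies outside that profile. `Get-TempReparsePoint` is a hypothetical helper name; the script assumes Windows PowerShell 5.1 or later and an elevated session.

```powershell
# Added example: audit per-user Temp directories for reparse points (symlinks, junctions).
# Get-TempReparsePoint is a hypothetical helper name, not part of any product.
function Get-TempReparsePoint {
    param(
        [Parameter(Mandatory)][string]$TempPath,
        [Parameter(Mandatory)][string]$ProfileRoot
    )
    # Trailing backslash so C:\Users\bob does not match C:\Users\bobby.
    $root = $ProfileRoot.TrimEnd('\') + '\'
    $pending = [System.Collections.Generic.Stack[string]]::new()
    $pending.Push($TempPath)
    while ($pending.Count -gt 0) {
        $dir = $pending.Pop()
        foreach ($item in Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue) {
            if ($item.Attributes.HasFlag([IO.FileAttributes]::ReparsePoint)) {
                # Target is a string or string[] depending on PowerShell version; normalise it.
                $targets = @($item.Target | Where-Object { $_ })
                $outside = @($targets | Where-Object {
                    -not $_.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)
                })
                [pscustomobject]@{
                    Path           = $item.FullName
                    LinkType       = $item.LinkType
                    Target         = $targets -join '; '
                    # Unresolved or relative targets are flagged so they get a manual look.
                    OutsideProfile = ($targets.Count -eq 0) -or ($outside.Count -gt 0)
                    CreatedUtc     = $item.CreationTimeUtc
                }
            }
            elseif ($item.PSIsContainer) {
                # Descend only into real directories, never through a link.
                $pending.Push($item.FullName)
            }
        }
    }
}

# Walk every non-system profile; run elevated so other users' Temp folders are readable.
Get-CimInstance -ClassName Win32_UserProfile |
    Where-Object { -not $_.Special -and $_.LocalPath } |
    ForEach-Object {
        $temp = Join-Path $_.LocalPath 'AppData\Local\Temp'
        if (Test-Path -LiteralPath $temp) {
            Get-TempReparsePoint -TempPath $temp -ProfileRoot $_.LocalPath
        }
    } |
    Sort-Object -Property OutsideProfile -Descending |
    Format-Table -AutoSize -Wrap
```

Rows with `OutsideProfile` set to `True` are the ones to review first, particularly where the target is a system or program directory.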
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Vasion Print (PrinterLogic) software to the latest version once the vendor releases the fixed version, restricting user permissions to prevent creation of symbolic links in the temporary directory, and monitoring or restricting access to the temp directory to prevent exploitation. Applying the principle of least privilege and disabling or limiting the PrinterInstallerClient service where possible can also reduce risk. Since the affected version range is not fully determined, closely following vendor advisories for patches is critical. [1]