CVE-2025-34195
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-10-02
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vasion | virtual_appliance_application | to 20.0.1330 (exc) |
| vasion | virtual_appliance_host | to 1.0.735 (exc) |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34195 is a remote code execution vulnerability in Vasion Print (formerly PrinterLogic) products, specifically affecting Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 on Windows clients. The issue arises because the PrinterInstallerClient driver-installation component uses an unquoted program path when launching programs during driver installation. This allows an attacker to place a malicious executable in a location like C:\Program.exe, which the operating system may run instead of the intended program. This can lead to arbitrary code execution with the privileges of the installer process, potentially resulting in full system compromise. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary code on affected Windows endpoints with the privileges of the installer process, which may be elevated. This can lead to full compromise of the system, including unauthorized access, privilege escalation, and potential control over the affected device. The impact includes high confidentiality, integrity, and availability risks. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking for the presence of vulnerable versions of Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 1.0.735 and Application prior to 20.0.1330 on Windows clients. Additionally, inspecting the file system for unquoted program paths under "C:\Program Files (x86)\Printer Properties Pro\Printer Installer" can help identify the vulnerability. Specific commands to detect unquoted paths or suspicious executables in short-path locations (e.g., C:\Progra~2\Printer~1) are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the Vasion Print Virtual Appliance Host to version 1.0.735 or later and the Print Application to version 20.0.1330 or later. Until patches are applied, restrict local access to affected systems to prevent attackers from placing malicious executables in vulnerable paths. Additionally, reviewing and correcting unquoted program paths in the driver installation components can reduce risk. [1]