Local Inter-Process Communication Vulnerability in Vasion Print from PrinterLogic
CVE-2025-34189

6.9MEDIUM

Key Information:

Vendor: Vasion
Status: Print Virtual Appliance Host; Print Application
Vendor: CVE Published:; 19 September 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-34189?

A significant flaw in Vasion Print (formerly PrinterLogic) exposes a critical weakness in its local inter-process communication (IPC) mechanism. In versions prior to 1.0.735 for the Virtual Appliance Host and prior to 20.0.1330 for macOS/Linux client deployments, the software incorrectly manages IPC request and response files, allowing them to be stored with world-readable and world-writable permissions. This oversight provides any local user the capability to create malicious request files that can be executed by privileged daemons. As a result, attackers can potentially bypass user session isolation, hijack other users' sessions, and execute unauthorized actions, thereby threatening the integrity and availability of the entire system.

Affected Version(s)

Print Application MacOS * < 20.0.1330

Print Virtual Appliance Host MacOS * < 1.0.735

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-34189 - Proof of Concept