Authentication Bypass Vulnerability in Vasion Print by Vasion
CVE-2025-34190

8.5HIGH

Key Information:

Vendor

Vasion

Status
Print Application
Print Virtual Appliance Host
Vendor
CVE Published:
19 September 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-34190?

The Vasion Print Virtual Appliance Host and macOS/Linux client deployments are exposed to an authentication bypass through the PrinterInstallerClientService. Attackers can exploit this vulnerability by preloading a malicious shared object that overrides the geteuid() function, allowing them to gain unauthorized root privileges. This could lead to execution of administrative commands without proper authorization, thereby compromising system integrity. Despite certain operations requiring write access potentially failing, the bypass undermines the security of the inter-process communication system. Although the vulnerability has been addressed, specific affected version details are yet to be confirmed by Vasion.

Affected Version(s)

Print Application MacOS *

Print Virtual Appliance Host MacOS *

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-34190 - Proof of Concept

References

https://help.printerlogic.com/saas/Print/Security/Securit...
vendor-advisorypatch
https://pierrekim.github.io/blog/2025-04-08-vasion-printe...
technical-descriptionexploit
https://help.printerlogic.com/va/Print/Security/Security-...
vendor-advisorypatch

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Barre
.
CVE-2025-34190 : Authentication Bypass Vulnerability in Vasion Print by Vasion