Arbitrary File Write Vulnerability in Vasion Print by PrinterLogic
CVE-2025-34191

8.5HIGH

Key Information:

Vendor: Vasion
Status: Print Virtual Appliance Host; Print Application
Vendor: CVE Published:; 19 September 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-34191?

An arbitrary file write vulnerability exists in Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 for macOS/Linux clients. This flaw allows a local, unprivileged user to manipulate response file handling by the service, leading to the overwriting or creation of arbitrary files on the filesystem as the service user (commonly root). The service’s ability to follow symbolic links in the responses directory makes it susceptible to exploitation, enabling attackers to alter critical configuration files or inject malicious binaries or drivers, thereby facilitating local privilege escalation and potentially compromising the entire system.

Affected Version(s)

Print Application MacOS * < 20.0.1923

Print Virtual Appliance Host MacOS * < 22.0.843

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-34191 - Proof of Concept