Insecure Temporary File Handling in Vasion Print Application
CVE-2025-34194

8.5HIGH

Key Information:

Vendor

Vasion

Status
Print Virtual Appliance Host
Print Application
Vendor
CVE Published:
19 September 2025

What is CVE-2025-34194?

The Vasion Print application, including its Virtual Appliance Host and Windows client deployments, suffers from an insecure temporary-file handling vulnerability. This flaw allows local users to manipulate filenames or create symbolic links in the user directory, leading the PrinterInstallerClient components to write files with SYSTEM privileges. This escalation can compromise system confidentiality, integrity, and availability by enabling unauthorized modifications or replacements of critical files. While a fix is available, the range of affected versions is not yet fully established.

Affected Version(s)

Print Application Windows *

Print Virtual Appliance Host Windows *

References

https://help.printerlogic.com/saas/Print/Security/Securit...
vendor-advisorypatch
https://pierrekim.github.io/blog/2025-04-08-vasion-printe...
technical-description
https://help.printerlogic.com/va/Print/Security/Security-...
vendor-advisorypatch

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Barre
.
CVE-2025-34194 : Insecure Temporary File Handling in Vasion Print Application