Security Flaw in Vasion Print Virtual Appliance Host Affects Windows Clients
CVE-2025-34235
9.5CRITICAL
Key Information:
- Vendor
Vasion
- Vendor
- CVE Published:
- 29 September 2025
What is CVE-2025-34235?
A vulnerability exists in Vasion Print's Virtual Appliance Host and Windows client deployments that allows administrators to enable a registry key, which skips SSL/TLS certificate validation. This can result in an attacker intercepting HTTPS traffic, leading to the injection of malicious driver DLLs. Such exploitation can result in remote code execution with SYSTEM privileges, or local privilege escalation through junction-point DLL injection. While a remediation has been confirmed, the timeline for the patch's introduction remains unclear.
Affected Version(s)
Print Application * < 25.1.1413
Print Virtual Appliance Host * < 25.1.102