CVE-2025-34189 - Vulnerability Details

CVE-2025-34189 - Vasion Print (formerly PrinterLogic) Insecure Inter-Process Communication Allows Local Session Hijacking

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apple	Macos
Linux	Linux Kernel
Printerlogic	Vasion Print Virtual Appliance
Vasion	Virtual Appliance Application Virtual Appliance Host

Configuration 1 [-]

AND

OR	cpe:2.3:a:vasion:virtual_appliance_application::::::::
	cpe:2.3:a:vasion:virtual_appliance_host::::::::

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*

No data.

References

Link	Providers
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-lack-auth-communication
https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-interprocess-communication

History

Wed, 24 Sep 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos Linux Linux linux Kernel Vasion Vasion virtual Appliance Application Vasion virtual Appliance Host
CPEs		cpe:2.3:a:vasion:virtual_appliance_application:::::::: cpe:2.3:a:vasion:virtual_appliance_host:::::::: cpe:2.3:o:apple:macos:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::*
Vendors & Products		Apple Apple macos Linux Linux linux Kernel Vasion Vasion virtual Appliance Application Vasion virtual Appliance Host
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Mon, 22 Sep 2025 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Printerlogic Printerlogic vasion Print Printerlogic virtual Appliance
Vendors & Products		Printerlogic Printerlogic vasion Print Printerlogic virtual Appliance

Fri, 19 Sep 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 19 Sep 2025 19:00:00 +0000

Type	Values Removed	Values Added
Description		Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability.
Title		Vasion Print (formerly PrinterLogic) Insecure Inter-Process Communication Allows Local Session Hijacking
Weaknesses		CWE-732 CWE-922
References		https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-lack-auth-communication https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-interprocess-communication
Metrics		cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-09-19T18:49:29.691Z

Updated: 2025-09-19T20:11:00.949Z

Reserved: 2025-04-15T19:15:22.568Z

Link: CVE-2025-34189

Vulnrichment

Updated: 2025-09-19T20:10:54.349Z

NVD

Status : Analyzed

Published: 2025-09-19T19:15:39.190

Modified: 2025-09-24T19:28:54.507

Link: CVE-2025-34189

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object