CVE-2025-34189 MEDIUM

CVE-2025-34189: Vasion Print (formerly PrinterLogic) Insecure Inter-Process Communication Allows Local Session Hijacking

Vendor Vasion
Product Print Virtual Appliance Host
Weakness CWE-732
Published September 19, 2025
Last update May 15, 2026

CVSS base score

6.9/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability. This vulnerability has been identified by the vendor as: V-2022-004 — Client Inter-process Security.

Key dates

02Disclosure timeline

September 19, 2025 CVE published
May 15, 2026 Record updated