CVE-2025-34235 CRITICAL

CVE-2025-34235: Vasion Print (formerly PrinterLogic) Weak SSL/TLS Certificate Validation RCE

Vendor Vasion
Product Print Virtual Appliance Host
Weakness CWE-295
Published September 29, 2025
Last update May 15, 2026

CVSS base score

9.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation. An attacker who can intercept HTTPS traffic can then inject malicious driver DLLs, resulting in remote code execution with SYSTEM privileges; a local attacker can achieve local privilege escalation via a junction‑point DLL injection. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.

Key dates

02Disclosure timeline

September 29, 2025 CVE published
May 15, 2026 Record updated