CVE-2025-34194

Name of the Vulnerable Software and Affected Versions Vasion Print (affected versions not specified)

Description The Vasion Print Virtual Appliance Host and Application (Windows client deployments) contain an insecure temporary-file handling issue in the PrinterInstallerClient components. The software creates files as NT AUTHORITYSYSTEM inside a directory under the control of the local user (C:Users%USER%AppDataLocalTemp). An attacker who can place symbolic links or otherwise influence filenames in that directory can cause the service to follow the link and write to arbitrary filesystem locations as SYSTEM. This allows a local, unprivileged user to overwrite or create files as SYSTEM, leading to local privilege escalation and the ability to modify configuration files, replace or inject binaries, or otherwise compromise confidentiality, integrity, and availability of the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.