CVE-2025-34189

Name of the Vulnerable Software and Affected Versions Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 Vasion Print (formerly PrinterLogic) Application versions prior to 20.0.1330

Description The software stores inter-process communication (IPC) request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. A local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability.

Recommendations Update Virtual Appliance Host to version 1.0.735 or later. Update Application to version 20.0.1330 or later.