CVE-2025-34191

Name of the Vulnerable Software and Affected Versions Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 Vasion Print Application versions prior to 20.0.1923

Description Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application contain an arbitrary file write issue via response file handling. The service writes response data into files under /opt/PrinterInstallerClient/tmp/responses/, reusing the requested filename and following symbolic links within the responses directory. This allows a local, unprivileged user to overwrite or create arbitrary files on the filesystem as root, potentially leading to local privilege escalation and full system compromise. This can be used to modify configuration files, replace or inject binaries or drivers.

Recommendations Vasion Print Virtual Appliance Host versions prior to 22.0.843 should be updated to version 22.0.843 or later. Vasion Print Application versions prior to 20.0.1923 should be updated to version 20.0.1923 or later.