PT-2025-39898 · Printerlogic · Vasion Print Application+1

Pierre Barre

Published

2025-09-29

Updated

2025-10-02

CVE-2025-34235

CVSS v4.0

Critical

Vector

AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 Vasion Print (formerly PrinterLogic) Application versions prior to 25.1.1413

Description Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application contain a registry key that, when enabled by administrators, causes the client to bypass SSL/TLS certificate validation. This allows an attacker intercepting HTTPS traffic to inject malicious driver DLLs, potentially leading to remote code execution with SYSTEM privileges. A local attacker could also achieve local privilege escalation through junction-point DLL injection.

Recommendations Update Vasion Print Virtual Appliance Host to version 25.1.102 or later. Update Vasion Print Application to version 25.1.1413 or later.

Exploit

Fix

LPE

RCE

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

BDU:2026-00258

CVE-2025-34235

Affected Products

Vasion Print Application

Vasion Print Virtual Appliance Host

PT-2025-39898 · Printerlogic · Vasion Print Application+1

CVE-2025-34235

Weakness Enumeration

Related Identifiers

Affected Products

References · 13