CVE-2025-34191 — HIGH (8.4)

Q: How severe is CVE-2025-34191?

CVE-2025-34191 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-34191?

Check the references section above for vendor advisories and patch information. Affected products include: Vasion Virtual Appliance Application, Vasion Virtual Appliance Host, Apple Macos, Linux Linux Kernel.

Vulnerability Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (macOS/Linux client deployments) contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into files under /opt/PrinterInstallerClient/tmp/responses/ reusing the requested filename. The service follows symbolic links in the responses directory and writes as the service user (typically root), allowing a local, unprivileged user to cause the service to overwrite or create arbitrary files on the filesystem as root. This can be used to modify configuration files, replace or inject binaries or drivers, and otherwise achieve local privilege escalation and full system compromise. This vulnerability has been identified by the vendor as: V-2023-019 — Arbitrary File Write as Root.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Vasion	Virtual Appliance Application	< 20.0.1923
Vasion	Virtual Appliance Host	< 22.0.843
Apple	Macos	-
Linux	Linux Kernel	-

Related Weaknesses (CWE)

CWE-59 CWE-276

References

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htmVendor Advisory
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htmVendor Advisory
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilitiExploitThird Party Advisory
https://www.vulncheck.com/advisories/vasion-print-printerlogic-arbitrary-file-wrThird Party Advisory

FAQ

What is CVE-2025-34191?

CVE-2025-34191 is a vulnerability with a CVSS score of 8.4 (HIGH). Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (macOS/Linux client deployments) contain an arbitrary file write vulnerability...

How severe is CVE-2025-34191?

CVE-2025-34191 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-34191?

Check the references section above for vendor advisories and patch information. Affected products include: Vasion Virtual Appliance Application, Vasion Virtual Appliance Host, Apple Macos, Linux Linux Kernel.