CVE-2025-34193

Medienbericht

Exploit

EPSS 0.11%
Veröffentlicht 19.09.2025 18:47:35
Zuletzt bearbeitet 29.09.2025 20:15:31
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include Windows client components (PrinterInstallerClientInterface.exe, PrinterInstallerClient.exe, PrinterInstallerClientLauncher.exe) that lack modern compile-time and runtime exploit mitigations and rely on outdated runtimes. These binaries are built as 32-bit, without Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), Control Flow Guard (CFG), or stack-protection, and they incorporate legacy technologies (Pascal/Delphi and Python 2) which are no longer commonly maintained. Several of these processes run with elevated privileges (NT AUTHORITY\SYSTEM for PrinterInstallerClient.exe and PrinterInstallerClientLauncher.exe), and the client automatically downloads and installs printer drivers. The absence of modern memory safety mitigations and the use of unmaintained runtimes substantially increase the risk that memory-corruption or other exploit primitives — for example from crafted driver content or maliciously crafted inputs — can be turned into remote or local code execution and privilege escalation to SYSTEM. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vasion ≫ Virtual Appliance Application Version-

Microsoft ≫ Windows Version-

Vasion ≫ Virtual Appliance Host Version-

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.301

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com	7.1	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-1104 Use of Unmaintained Third Party Components

The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://www.heise.de/news/Vier-Jahre-langes-Hin-und-Her-zwischen-Sicherheitsforscher-und-Vasion-Print-10667194.html

Medienbericht

heise Security

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Vendor Advisory

https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm

Vendor Advisory

https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#win-insecure-programs

Third Party Advisory

Exploit