CVE-2025-34235

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation. An attacker who can intercept HTTPS traffic can then inject malicious driver DLLs, resulting in remote code execution with SYSTEM privileges; a local attacker can achieve local privilege escalation via a junction‑point DLL injection. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm	Vendor Advisory
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm	Vendor Advisory
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#win-lpe-04	Exploit Third Party Advisory
https://www.vulncheck.com/advisories/vasion-print-printerlogic-weak-ssl-tls-certificate-validation-rce	Third Party Advisory
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#win-lpe-04	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:vasion:virtual_appliance_application::::::::
	cpe:2.3:a:vasion:virtual_appliance_host::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

09 Oct 2025, 17:55

Type	Values Removed	Values Added
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:vasion:virtual_appliance_application:::::::: cpe:2.3:a:vasion:virtual_appliance_host::::::::
First Time		Microsoft Vasion Vasion virtual Appliance Application Microsoft windows Vasion virtual Appliance Host
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~() https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm -~~	() https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm - Vendor Advisory
References	~~() https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm -~~	() https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm - Vendor Advisory
References	~~() https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#win-lpe-04 -~~	() https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#win-lpe-04 - Exploit, Third Party Advisory
References	~~() https://www.vulncheck.com/advisories/vasion-print-printerlogic-weak-ssl-tls-certificate-validation-rce -~~	() https://www.vulncheck.com/advisories/vasion-print-printerlogic-weak-ssl-tls-certificate-validation-rce - Third Party Advisory

30 Sep 2025, 15:15

Type	Values Removed	Values Added
References	~~() https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#win-lpe-04 -~~	() https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#win-lpe-04 -

29 Sep 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-29 21:15

Updated : 2025-10-09 17:55

NVD link : CVE-2025-34235

Mitre link : CVE-2025-34235

CVE.ORG link : CVE-2025-34235

JSON object : View

Products Affected

vasion

virtual_appliance_host
virtual_appliance_application

microsoft

windows

CWE

CWE-295

Improper Certificate Validation

7.8 /10