TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2025-34189

HIGH
7.8

Beschreibung

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability. This vulnerability has been identified by the vendor as: V-2022-004 — Client Inter-process Security.

CVE Details

CVSS v3.1 Bewertung7.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht9/19/2025
Zuletzt geandert10/2/2025
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

apple:macoslinux:linux_kernelvasion:virtual_appliance_applicationvasion:virtual_appliance_host

Schwachen (CWE)

CWE-732CWE-922

Referenzen

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm(disclosure@vulncheck.com)
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm(disclosure@vulncheck.com)
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-lack-auth-communication(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-interprocess-communication(disclosure@vulncheck.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.