Home

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability. This vulnerability has been identified by the vendor as: V-2022-004 — Client Inter-process Security.

PUBLISHED Reserved 2025-04-15 | Published 2025-09-19 | Updated 2025-10-02 | Assigner VulnCheck




MEDIUM: 6.9CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

CWE-922 Insecure Storage of Sensitive Information

Product status

Default status
unaffected

* (semver) before 1.0.735
affected

Default status
unaffected

* (semver) before 20.0.1330
affected

Credits

Pierre Barre finder

References

help.printerlogic.com/...int/Security/Security-Bulletins.htm vendor-advisory patch

pierrekim.github.io/...-printerlogic-83-vulnerabilities.html technical-description exploit

help.printerlogic.com/...int/Security/Security-Bulletins.htm vendor-advisory patch

www.vulncheck.com/...gic-insecure-interprocess-communication third-party-advisory

cve.org (CVE-2025-34189)

nvd.nist.gov (CVE-2025-34189)

Download JSON