CVE-2025-34195
Published: 19 September 2025
Summary
CVE-2025-34195 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Vasion Virtual Appliance Application. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 20.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation requires timely patching of the vulnerable PrinterInstallerClient to versions with quoted paths, directly preventing RCE exploitation during driver installation.
Malicious code protection scans for and blocks attacker-placed executables like C:\Program.exe that exploit the unquoted path during driver installation.
System monitoring detects anomalous executions from short-path locations or suspicious driver installation activities indicative of unquoted path exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The unquoted path vulnerability in the PrinterInstallerClient during driver installation enables path interception by unquoted path (T1574.009) and exploitation for privilege escalation (T1068), allowing arbitrary code execution with installer privileges.
NVD Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a remote code execution vulnerability during driver installation caused by unquoted program paths. The PrinterInstallerClient driver-installation component launches programs using…
more
an unquoted path under "C:\Program Files (x86)\Printer Properties Pro\Printer Installer". Because the path is unquoted, the operating system may execute a program located at a short-path location such as C:\Program.exe before the intended binaries in the quoted path. If an attacker can place or cause a program to exist at that location, it will be executed with the privileges of the installer process (which may be elevated), enabling arbitrary code execution and potential privilege escalation. This weakness can be used to achieve remote code execution and full compromise of affected Windows endpoints. This vulnerability has been identified by the vendor as: V-2022-006 — Driver Upload Security.
Deeper analysisAI
CVE-2025-34195 is a remote code execution vulnerability affecting Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 in Windows client deployments. The flaw arises in the PrinterInstallerClient driver-installation component, which launches programs using an unquoted path under "C:\Program Files (x86)\Printer Properties Pro\Printer Installer". Due to the lack of quotes, the operating system prioritizes and may execute a program at a short-path location, such as C:\Program.exe, before reaching the intended binaries. This issue, mapped to CWE-434 (Unquoted Search Path or Element) and identified by the vendor as V-2022-006 (Driver Upload Security), carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A remote, unauthenticated attacker can exploit this vulnerability by placing or influencing the placement of a malicious program at the short-path location. During driver installation, the attacker's executable runs with the privileges of the installer process, which may be elevated, enabling arbitrary code execution, potential privilege escalation, and full compromise of the affected Windows endpoint.
Vendor security bulletins recommend upgrading to Virtual Appliance Host version 1.0.735 or later and Application version 20.0.1330 or later to mitigate the issue. Further details on patches and affected configurations are provided in advisories at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm and https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm, with additional analysis available from VulnCheck (https://www.vulncheck.com/advisories/vasion-print-printerlogic-unquoted-path-during-driver-installation) and Pierre Kim's report on 83 related vulnerabilities (https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#win-rce-01).
Details
- CWE(s)