Cyber Resilience

CVE-2025-34195

High, Public PoC

Published: 19 September 2025

Modified: 02 October 2025
KEV Added
Patch
CVSS Score v4: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0152 (81.6th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-34195 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Vasion Virtual Appliance Application. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked in the top 18.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Deeper analysis

Vasion Print, formerly known as PrinterLogic, is affected by CVE-2025-34195 in Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 on Windows client deployments. The flaw is an unquoted service path in the PrinterInstallerClient driver-installation component, which launches executables from the path "C:\Program Files (x86)\Printer Properties Pro\Printer Installer". Because the path is unquoted, Windows may instead run a binary such as C:\Program.exe if it exists, and this occurs with the privileges of the installer process.

An attacker who can write to a short-path location on the system can place a malicious executable that will be executed during driver installation. This grants arbitrary code execution and potential privilege escalation, enabling full compromise of the affected Windows endpoint. The vulnerability is tracked by the vendor as V-2022-006 and is classified under CWE-434.

Vendor security bulletins at the provided PrinterLogic URLs describe the issue and direct customers to upgrade the Virtual Appliance Host to 1.0.735 or later and the Application to 20.0.1330 or later. The EPSS score remains low and unchanged at 0.0152 with no material increase after disclosure.

Vulnerability details

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a remote code execution vulnerability during driver installation caused by unquoted program paths. The PrinterInstallerClient driver-installation component launches programs using an unquoted path under "C:\Program Files (x86)\Printer Properties Pro\Printer Installer". Because the path is unquoted, the operating system may execute a program located at a short-path location such as C:\Program.exe before the intended binaries in the quoted path. If an attacker can place or cause a program to exist at that location, it will be executed with the privileges of the installer process (which may be elevated), enabling arbitrary code execution and potential privilege escalation. This weakness can be used to achieve remote code execution and full compromise of affected Windows endpoints. This vulnerability has been identified by the vendor as: V-2022-006 — Driver Upload Security.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068: Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1574.009: Path Interception by Unquoted Path (tactic: Stealth)
Adversaries may execute their own malicious payloads by hijacking vulnerable file path references.

Why these techniques?

The unquoted path vulnerability in the PrinterInstallerClient during driver installation enables path interception by unquoted path (T1574.009) and exploitation for privilege escalation (T1068), allowing arbitrary code execution with installer privileges.

CVEs Like This One

CVE-2025-34193 (same product: Microsoft Windows)
CVE-2025-34222 (same product: Vasion Virtual Appliance Application)
CVE-2025-34204 (same product: Vasion Virtual Appliance Application)
CVE-2025-34205 (same product: Vasion Virtual Appliance Application)
CVE-2025-34218 (same product: Vasion Virtual Appliance Application)
CVE-2025-34221 (same product: Vasion Virtual Appliance Application)
CVE-2025-34202 (same product: Vasion Virtual Appliance Application)
CVE-2025-34198 (same product: Vasion Virtual Appliance Application)
CVE-2025-34216 (same product: Vasion Virtual Appliance Application)
CVE-2025-34231 (same product: Vasion Virtual Appliance Application)

Affected Assets

vasion: virtual appliance application, ≤ 20.0.1330
vasion: virtual appliance host, ≤ 1.0.735

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Flaw remediation requires timely patching of the vulnerable PrinterInstallerClient to versions with quoted paths, directly preventing RCE exploitation during driver installation.

prevent, detect

Malicious code protection scans for and blocks attacker-placed executables like C:\Program.exe that exploit the unquoted path during driver installation.

detect

System monitoring detects anomalous executions from short-path locations or suspicious driver installation activities indicative of unquoted path exploitation.
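
The path resolution described under "Deeper analysis" and the system-monitoring control above can be combined into one check. The following is an added example, not code from the vendor or from this page: it lists the images Windows tries before the intended one for an unquoted command line, then flags process-creation records that match. The binary name ExampleInstaller.exe, the /install argument and the event field names are assumptions.

```python
import ntpath

# Constructed command line: the directory is the one named in the advisory;
# the binary name and argument are placeholders, not the product's real ones.
INSTALL_CMD = (r"C:\Program Files (x86)\Printer Properties Pro"
               r"\Printer Installer\ExampleInstaller.exe /install")

def interception_candidates(command_line):
    """Images Windows tries, in order, before the intended one when an unquoted
    command line reaches CreateProcess without an explicit application name."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        return []                      # quoted image path: nothing ambiguous
    tokens = cmd.split()
    candidates = []
    for i in range(1, len(tokens)):
        prefix = " ".join(tokens[:i])  # text up to the i-th space
        ext = ntpath.splitext(prefix)[1]
        if ext.lower() == ".exe":
            break                      # intended image reached; rest is arguments
        # .exe is appended only when the prefix has no extension of its own
        candidates.append(prefix if ext else prefix + ".exe")
    return candidates

def flag_hijacks(events, command_line):
    """Return process-creation events whose image is an interception candidate."""
    watch = {p.lower() for p in interception_candidates(command_line)}
    return [e for e in events if e["Image"].lower() in watch]

# Constructed process-creation records (field names are assumptions).
EVENTS = [
    {"Image": r"C:\Program Files (x86)\Printer Properties Pro"
              r"\Printer Installer\ExampleInstaller.exe",
     "User": r"NT AUTHORITY\SYSTEM"},
    {"Image": r"C:\Program.exe", "User": r"NT AUTHORITY\SYSTEM"},
    {"Image": r"C:\Windows\System32\spoolsv.exe", "User": r"NT AUTHORITY\SYSTEM"},
]

if __name__ == "__main__":
    for path in interception_candidates(INSTALL_CMD):
        print("audit for unexpected file:", path)
    for e in flag_hijacks(EVENTS, INSTALL_CMD):
        print("ALERT:", e["Image"], "ran as", e["User"])
```

The same command line wrapped in double quotes around the image path yields no candidates, which is the effect of the quoted-path fix in the patched versions.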
