CVE-2025-34195
Published: 19 September 2025
Summary
CVE-2025-34195 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Vasion Virtual Appliance Application. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 18.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
Vasion Print, formerly known as PrinterLogic, is affected by CVE-2025-34195 in Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 on Windows client deployments. The flaw is an unquoted service path in the PrinterInstallerClient driver-installation component, which launches executables from the path "C:\Program Files (x86)\Printer Properties Pro\Printer Installer". Because the path is unquoted, Windows may instead run a binary such as C:\Program.exe if it exists, and this occurs with the privileges of the installer process.
An attacker who can write to a short-path location on the system can place a malicious executable that will be executed during driver installation. This grants arbitrary code execution and potential privilege escalation, enabling full compromise of the affected Windows endpoint. The vulnerability is tracked by the vendor as V-2022-006 and is classified under CWE-434.
Vendor security bulletins at the provided PrinterLogic URLs describe the issue and direct customers to upgrade the Virtual Appliance Host to 1.0.735 or later and the Application to 20.0.1330 or later. The EPSS score remains low and unchanged at 0.0152 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-30265
Vulnerability details
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a remote code execution vulnerability during driver installation caused by unquoted program paths. The PrinterInstallerClient driver-installation component launches programs using…
more
an unquoted path under "C:\Program Files (x86)\Printer Properties Pro\Printer Installer". Because the path is unquoted, the operating system may execute a program located at a short-path location such as C:\Program.exe before the intended binaries in the quoted path. If an attacker can place or cause a program to exist at that location, it will be executed with the privileges of the installer process (which may be elevated), enabling arbitrary code execution and potential privilege escalation. This weakness can be used to achieve remote code execution and full compromise of affected Windows endpoints. This vulnerability has been identified by the vendor as: V-2022-006 — Driver Upload Security.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The unquoted path vulnerability in the PrinterInstallerClient during driver installation enables path interception by unquoted path (T1574.009) and exploitation for privilege escalation (T1068), allowing arbitrary code execution with installer privileges.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw remediation requires timely patching of the vulnerable PrinterInstallerClient to versions with quoted paths, directly preventing RCE exploitation during driver installation.
Malicious code protection scans for and blocks attacker-placed executables like C:\Program.exe that exploit the unquoted path during driver installation.
System monitoring detects anomalous executions from short-path locations or suspicious driver installation activities indicative of unquoted path exploitation.