CVE-2025-34235 PUBLISHED

Vasion Print (formerly PrinterLogic) Weak SSL/TLS Certificate Validation RCE

Assigner: VulnCheck
Reserved: 15.04.2025 Published: 29.09.2025 Updated: 15.05.2026

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation. An attacker who can intercept HTTPS traffic can then inject malicious driver DLLs, resulting in remote code execution with SYSTEM privileges; a local attacker can achieve local privilege escalation via a junction‑point DLL injection. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score: 9.5

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	High
Attack Complexity	Low	Integrity	High	Integrity	High
Attack Requirements	Present	Availability	High	Availability	High
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Vasion
Product	Print Virtual Appliance Host
Versions	Default: unaffected affected from 0 to 25.1.102 (excl.)

Vendor	Vasion
Product	Print Application
Versions	Default: unaffected affected from 0 to 25.1.1413 (excl.)

Credits

Pierre Barre finder

References

Problem Types

CWE-295 Improper Certificate Validation CWE

Impacts

CAPEC-217 Exploiting Incorrectly Configured SSL/TLS