CVE-2025-34235 - Vasion Print (formerly PrinterLogic) Weak SSL/TLS Certificate Validation RCE
CVE ID : CVE-2025-34235
Published : Sept. 29, 2025, 9:15 p.m. | 1 hour, 47 minutes ago
Description : Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation. An attacker who can intercept HTTPS traffic can then inject malicious driver DLLs, resulting in remote code execution with SYSTEM privileges; a local attacker can achieve local privilege escalation via a junction‑point DLL injection. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
Severity: 9.5 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : Sept. 29, 2025, 9:15 p.m. | 1 hour, 47 minutes ago
Description : Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation. An attacker who can intercept HTTPS traffic can then inject malicious driver DLLs, resulting in remote code execution with SYSTEM privileges; a local attacker can achieve local privilege escalation via a junction‑point DLL injection. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
Severity: 9.5 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...