CVE-2025-34194: CWE-59 Improper Link Following in Vasion Print Virtual Appliance Host
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments) contain an insecure temporary-file handling vulnerability in the PrinterInstallerClient components. The software creates files as NT AUTHORITY\SYSTEM inside a directory under the control of the local user (C:\Users\%USER%\AppData\Local\Temp\). An attacker who can place symbolic links or otherwise influence filenames in that directory can cause the service to follow the link and write to arbitrary filesystem locations as SYSTEM. This allows a local, unprivileged user to overwrite or create files as SYSTEM, leading to local privilege escalation and the ability to modify configuration files, replace or inject binaries, or otherwise compromise confidentiality, integrity, and availability of the system. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
AI Analysis
Technical Summary
CVE-2025-34194 is a vulnerability in Vasion Print Virtual Appliance Host versions before 25.1.102 and Windows client versions before 25.1.1413. The vulnerability stems from improper handling of temporary files by the PrinterInstallerClient component, which creates files with NT AUTHORITY\SYSTEM privileges inside directories controlled by the local user (specifically under C:\Users\%USER%\AppData\Local\Temp\). Because the directory is user-controllable, an attacker can create symbolic links or manipulate filenames to redirect the service's file write operations to arbitrary locations on the filesystem. When the service follows these symbolic links, it writes files as SYSTEM, enabling an unprivileged local user to overwrite or create files with elevated privileges. This can lead to local privilege escalation, allowing the attacker to modify critical configuration files, replace or inject malicious binaries, and compromise the confidentiality, integrity, and availability of the affected system. The vulnerability does not require user interaction or authentication beyond local access, making it relatively easy to exploit in environments where local user accounts are accessible. Although the vulnerability has been confirmed as remediated, the exact patch release date is not specified, and no public exploits have been observed. The CVSS 4.0 score of 8.5 reflects the high impact on system security and the low complexity of exploitation.
Potential Impact
For European organizations, this vulnerability poses a significant risk especially in environments where Vasion Print Virtual Appliance Host or its Windows client versions are deployed. Successful exploitation allows local attackers to escalate privileges to SYSTEM, potentially leading to full system compromise. This can result in unauthorized modification or destruction of print service configurations, injection of malicious code, disruption of printing services, and broader compromise of networked systems if the print server is integrated with other critical infrastructure. Confidentiality may be breached if attackers access sensitive print jobs or system files. Integrity and availability are also at risk due to possible tampering or denial of print services. Organizations with shared or multi-user environments, such as enterprises, government agencies, and managed service providers, are particularly vulnerable. The lack of required user interaction and the ease of exploitation increase the threat level. Additionally, the unclear patch timeline may delay remediation efforts, prolonging exposure.
Mitigation Recommendations
European organizations should immediately verify their Vasion Print Virtual Appliance Host and client versions and upgrade any installation that falls in the affected range (Virtual Appliance Host prior to 25.1.102, Application prior to 25.1.1413). Until the upgrade is confirmed, restrict local user permissions to prevent unprivileged users from creating or manipulating files in the temporary directories used by the PrinterInstallerClient component. Implement strict access controls and monitoring on the C:\Users\%USER%\AppData\Local\Temp\ directory to detect and block symbolic link creation or suspicious file operations. Employ application whitelisting to prevent unauthorized binaries from executing, and use endpoint detection and response (EDR) tools to monitor for unusual file system activity indicative of exploitation attempts. Network segmentation can limit the spread of compromise from affected print servers. Regularly audit local user accounts and remove unnecessary privileges to reduce the attack surface. Finally, maintain up-to-date backups of critical configurations and system states to enable recovery in case of compromise.
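The Temp-directory monitoring recommended above can be approximated with a periodic sweep. The PowerShell below is an added example, not code from Vasion or from this page: it lists symbolic links and junctions inside each user's Temp directory without following them and marks those whose target lies outside the owning profile. The function name Find-TempLink and the default C:\Users profile root are assumptions.

```powershell
# Added example (not vendor code): list links inside per-user Temp directories.
# Find-TempLink and its parameter are hypothetical names; run elevated so that
# other users' profiles are readable.
function Find-TempLink {
    param([string]$UsersRoot = 'C:\Users')

    $reparse = [System.IO.FileAttributes]::ReparsePoint
    # Without -Force the hidden link profiles ("All Users", "Default User") are skipped.
    foreach ($userDir in Get-ChildItem -LiteralPath $UsersRoot -Directory -ErrorAction SilentlyContinue) {
        $temp = Join-Path $userDir.FullName 'AppData\Local\Temp'
        if (-not (Test-Path -LiteralPath $temp -PathType Container)) { continue }

        # Walk the tree by hand so a link is reported but never descended into.
        $pending = New-Object 'System.Collections.Generic.Stack[string]'
        $pending.Push($temp)
        while ($pending.Count -gt 0) {
            $dir = $pending.Pop()
            foreach ($item in Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue) {
                if (($item.Attributes -band $reparse) -eq $reparse) {
                    # Target is a collection in Windows PowerShell 5.1, a string in 7.x.
                    $target = [string]($item.Target | Select-Object -First 1)
                    $outside = [System.IO.Path]::IsPathRooted($target) -and
                        -not $target.StartsWith($userDir.FullName + '\', [System.StringComparison]::OrdinalIgnoreCase)
                    [pscustomobject]@{
                        Profile        = $userDir.Name
                        Path           = $item.FullName
                        LinkType       = $item.LinkType   # SymbolicLink, Junction, or empty
                        Target         = $target
                        OutsideProfile = $outside
                        CreatedUtc     = $item.CreationTimeUtc
                    }
                }
                elseif ($item.PSIsContainer) {
                    $pending.Push($item.FullName)
                }
            }
        }
    }
}

# Links that leave the profile are the ones worth triaging first.
Find-TempLink | Where-Object OutsideProfile | Sort-Object CreatedUtc |
    Format-Table Profile, LinkType, Path, Target -AutoSize
```

A sweep only sees links that exist at the moment it runs, so it complements rather than replaces EDR file-system telemetry on hosts that still run an affected client.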
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-04-15T19:15:22.570Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68cda6a24b8a032c4fac76f2
Added to database: 9/19/2025, 6:53:22 PM
Last enriched: 11/17/2025, 3:38:27 PM
Last updated: 11/22/2025, 3:22:25 PM
Related Threats
- CVE-2023-30806: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Sangfor Net-Gen Application Firewall (Critical)
- CVE-2024-0401: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ASUS ExpertWiFi (High)
- CVE-2024-23690: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Netgear FVS336Gv3 (High)
- CVE-2024-13976: CWE-427 Uncontrolled Search Path Element in Commvault Commvault for Windows (High)
- CVE-2024-12856: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Four-Faith F3x24 (High)