
CVE-2025-34195: CWE-434 Unrestricted Upload of File with Dangerous Type in Vasion Print Virtual Appliance Host

Severity: High
Published: Fri Sep 19 2025 (09/19/2025, 18:38:11 UTC)
Source: CVE Database V5
Vendor/Project: Vasion
Product: Print Virtual Appliance Host

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a remote code execution vulnerability during driver installation caused by unquoted program paths. The PrinterInstallerClient driver-installation component launches programs using an unquoted path under "C:\Program Files (x86)\Printer Properties Pro\Printer Installer". Because the path is unquoted, the operating system may execute a program located at a short-path location such as C:\Program.exe before the intended binaries in the quoted path. If an attacker can place or cause a program to exist at that location, it will be executed with the privileges of the installer process (which may be elevated), enabling arbitrary code execution and potential privilege escalation. This weakness can be used to achieve remote code execution and full compromise of affected Windows endpoints. This vulnerability has been identified by the vendor as: V-2022-006 — Driver Upload Security.

AI-Powered Analysis

Last updated: 11/17/2025, 14:46:34 UTC

Technical Analysis

CVE-2025-34195 is a vulnerability in Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Windows client application versions prior to 20.0.1330. The issue stems from unquoted program paths in the PrinterInstallerClient driver-installation component, specifically under the directory "C:\Program Files (x86)\Printer Properties Pro\Printer Installer". When the installer launches programs, the lack of quotes around the path allows the Windows operating system to interpret the path incorrectly and potentially execute a malicious executable located at a higher-level directory such as "C:\Program.exe" before the legitimate installer binary. An attacker who can place or cause a malicious executable to exist at such a location can achieve arbitrary code execution with the privileges of the installer process, which may be elevated, leading to privilege escalation and full system compromise. This vulnerability does not require authentication or user interaction, increasing its risk profile. It is categorized under CWE-434 (Unrestricted Upload of File with Dangerous Type), indicating that the vulnerability relates to improper handling of file uploads or execution paths that allow dangerous files to be introduced and executed. The CVSS v4.0 base score is 8.6 (high), reflecting the vulnerability’s significant impact on confidentiality, integrity, and availability, combined with its ease of exploitation. No public exploits are known at this time, but the vulnerability is critical due to the potential for remote code execution and full endpoint compromise. The vendor has identified this as V-2022-006 — Driver Upload Security, but no patch links are currently provided, indicating that remediation may be pending or in progress.

Potential Impact

For European organizations, this vulnerability poses a serious risk to Windows endpoints running affected versions of Vasion Print Virtual Appliance Host or its Windows client application. Successful exploitation can lead to remote code execution and privilege escalation, allowing attackers to gain full control over affected systems. This can result in data breaches, disruption of printing services critical to business operations, and lateral movement within corporate networks. Given that print management solutions often have elevated privileges and access to sensitive documents, the confidentiality and integrity of corporate data are at risk. Additionally, the ability to execute arbitrary code without authentication or user interaction increases the likelihood of automated or wormable attacks, potentially impacting large numbers of systems rapidly. The lack of known exploits in the wild currently reduces immediate risk but does not diminish the urgency for mitigation. Organizations in sectors such as finance, healthcare, government, and manufacturing—where print infrastructure is integral and data sensitivity is high—are particularly vulnerable. The impact extends beyond individual endpoints to potentially compromise entire network segments and critical infrastructure.

Mitigation Recommendations

1. Monitor vendor communications closely and apply official patches or updates as soon as they become available to address CVE-2025-34195.
2. Until patches are released, restrict write permissions to directories higher in the path hierarchy (e.g., C:\) to prevent unauthorized placement of executables like "C:\Program.exe".
3. Implement application whitelisting and endpoint protection solutions that can detect and block execution of unauthorized binaries in critical system paths.
4. Conduct regular audits of system directories for unexpected or suspicious executables, especially in locations that could be exploited due to unquoted path issues.
5. Employ network segmentation to limit the spread of potential compromises originating from print management endpoints.
6. Educate IT staff about the risks of unquoted service paths and ensure secure configuration practices are followed for all software installations.
7. Use least privilege principles for service accounts running printer installation components to minimize the impact of any compromise.
8. Enable logging and alerting on driver installation activities to detect anomalous behavior indicative of exploitation attempts.
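The audit in recommendation 4 can be driven by the path resolution described under Technical Analysis. The following is an added example, not code from the vendor or the CVE record: it lists the files Windows tries ahead of the intended program for an unquoted path and reports any that exist. The binary name `example-binary.exe` and the function names are assumptions; the page names only the directory.

```python
import ntpath
import os

# Constructed sample: the directory is the one named on this page; the binary
# name is a placeholder because the page does not give it.
SAMPLE = (r"C:\Program Files (x86)\Printer Properties Pro"
          r"\Printer Installer\example-binary.exe")


def candidate_paths(program_path):
    """List, in order, the files Windows tries before the intended program
    when program_path is launched unquoted (CreateProcess with no
    lpApplicationName). Arguments after the program are not modelled."""
    path = program_path.strip()
    if path.startswith('"'):
        return []  # quoted: the path is taken whole, nothing is tried first
    candidates = []
    for i, ch in enumerate(path):
        if ch != " " or path[i - 1] == " ":
            continue
        prefix = path[:i]
        if not ntpath.splitext(prefix)[1]:
            prefix += ".exe"  # Windows appends .exe to a name with no extension
        candidates.append(prefix)
    return candidates


def audit(program_path, exists=os.path.exists):
    """Return the candidates present on disk. Any hit is a file that would run
    in place of the intended program and should be investigated."""
    return [p for p in candidate_paths(program_path) if exists(p)]


if __name__ == "__main__":
    for p in candidate_paths(SAMPLE):
        print(("PRESENT  " if os.path.exists(p) else "absent   ") + p)
```

The parent directories of the listed candidates are the locations where recommendation 2's write restrictions apply.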


Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.570Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68cda6a34b8a032c4fac7735

Added to database: 9/19/2025, 6:53:23 PM

Last enriched: 11/17/2025, 2:46:34 PM

Last updated: 11/20/2025, 4:32:29 AM
