CVE-2025-58060
8
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Summary
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in authentication bypass. Any configuration that allows an AuthType that is not Basic is affected. Version 2.4.13 fixes the issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OpenPrinting | cups | < 2.4.13 | affected |
Weaknesses
- CWE-287: CWE-287: Improper Authentication
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/09/msg00013.html
- http://www.openwall.com/lists/oss-security/2025/09/11/1
References
- https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq
- https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.