CVE-2025-61915

Summary

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.

Affected Software

VendorProductVersion RangeStatus
OpenPrintingcups< 2.4.15affected

Weaknesses

  • CWE-129: CWE-129: Improper Validation of Array Index
  • CWE-124: CWE-124: Buffer Underwrite ('Buffer Underflow')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References