CVE-2025-58060 — Improper Authentication in Cups

CWE-287 — Improper Authentication8 documents7 sources

Severity

8.0HIGHNVD

EPSS

0.1%

top 83.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openprinting Cups Apple Cups

Timeline

PublishedSep 11

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:HExploitability: 2.5 | Impact: 5.5

Affected Packages4 packages

▶CVEListV5openprinting/cups< 2.4.13

▶NVDopenprinting/cups< 2.4.13

▶Debianapple/cups< 2.3.3op2-3+deb11u10+3

▶Ubuntuapple/cups< 2.4.1op1-1ubuntu4.12+4

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2025-58060: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems↗2025-09-11

▶

OSV

cups vulnerabilities↗2025-09-11

▶

CVEList

cups has Authentication bypass with AuthType Negotiate↗2025-09-11

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerabilities↗2025-09-11

▶

Red Hat

cups: Authentication Bypass in CUPS Authorization Handling↗2025-09-11

▶

Microsoft

cups has Authentication bypass with AuthType Negotiate↗2025-09-09

▶

Debian

CVE-2025-58060: cups - OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik...↗2025

▶