CVE-2025-58060
Published 2025-09-11
Severity: High, 8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.
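A configuration check for the condition described above, as an added example (not part of the CVE record or the CUPS project's code): it parses a `cupsd.conf` and lists every `AuthType`/`DefaultAuthType` whose effective value is not `Basic`, with the section it applies to. The sample configuration is constructed, and resolving `AuthType Default` through `DefaultAuthType` (default `Basic`) is an assumption taken from the cupsd.conf documentation.

```python
import re

# Constructed sample cupsd.conf, for illustration only.
SAMPLE_CONF = """\
DefaultAuthType Negotiate
<Location /admin>
  AuthType Default
  Require user @SYSTEM
</Location>
<Location /admin/conf>
  AuthType Basic
</Location>
<Policy default>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer>
    AuthType Negotiate
  </Limit>
</Policy>
"""

def audit_auth_types(conf_text):
    """Return (line_no, scope, directive, effective_type) for every
    AuthType/DefaultAuthType whose effective value is not Basic."""
    lines = [l.strip() for l in conf_text.splitlines()]
    # Pass 1: resolve DefaultAuthType (assumed to default to Basic when absent).
    default_type = "Basic"
    for line in lines:
        m = re.match(r"(?i)DefaultAuthType\s+(\S+)", line)
        if m:
            default_type = m.group(1)
    # Pass 2: track <Location>/<Policy>/<Limit> nesting and report each directive.
    findings, scope = [], []
    for no, line in enumerate(lines, 1):
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if scope:
                scope.pop()
        elif line.startswith("<"):
            scope.append(line.strip("<>"))
        else:
            m = re.match(r"(?i)(DefaultAuthType|AuthType)\s+(\S+)", line)
            if not m:
                continue
            value = m.group(2)
            effective = default_type if value.lower() == "default" else value
            if effective.lower() != "basic":
                findings.append((no, " > ".join(scope) or "global", m.group(1), effective))
    return findings
```

Pass it the contents of a host's `cupsd.conf` (commonly `/etc/cups/cupsd.conf`); a non-empty result on a package older than the fixed versions listed in the table below means the configuration matches the affected condition.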
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | >= 0 < 2.3.3op2-3+deb11u10 | 2.3.3op2-3+deb11u10 |
| apple | cups | >= 0 < 2.4.2-3+deb12u9 | 2.4.2-3+deb12u9 |
| apple | cups | >= 0 < 2.4.10-3+deb13u1 | 2.4.10-3+deb13u1 |
| apple | cups | >= 0 < 2.4.10-4 | 2.4.10-4 |
| apple | cups | >= 0 < 2.4.1op1-1ubuntu4.12 | 2.4.1op1-1ubuntu4.12 |
| apple | cups | >= 0 < 2.4.7-1.2ubuntu7.4 | 2.4.7-1.2ubuntu7.4 |
| apple | cups | >= 0 < 2.1.3-4ubuntu0.11+esm9 | 2.1.3-4ubuntu0.11+esm9 |
| apple | cups | >= 0 < 2.2.7-1ubuntu2.10+esm7 | 2.2.7-1ubuntu2.10+esm7 |
| apple | cups | >= 0 < 2.3.1-9ubuntu1.9+esm1 | 2.3.1-9ubuntu1.9+esm1 |
| debian | cups | < cups 2.4.2-3+deb12u9 (bookworm) | cups 2.4.2-3+deb12u9 (bookworm) |
| msrc | azl3_cups_2.4.10-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_cups_2.3.3op2-9_on_cbl_mariner_2.0 | — | — |
| openprinting | cups | < 2.4.13 | 2.4.13 |
CVSS provenance
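| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.0 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H |
| osv | — | 8.0 | HIGH | — |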