CVE-2025-61915
published 2025-11-29CVE-2025-61915: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | >= 0 < 2.4.15-1 | 2.4.15-1 |
| debian | cups | < cups 2.4.15-1 (forky) | cups 2.4.15-1 (forky) |
| msrc | azl3_cups_2.4.13-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_cups_2.3.3op2-10_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_cups_2.3.3op2-11_on_cbl_mariner_2.0 | — | — |
| openprinting | cups | < 2.4.15 | 2.4.15 |
CVSS provenance
nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
osv6.7MEDIUM