CVE-2025-61915Buffer Underflow in Cups

CWE-124Buffer UnderflowCWE-129Improper Validation of Array IndexCWE-1173Improper Use of Validation Framework7 documents7 sources
Severity
6.7MEDIUMNVD
CNA6.0
EPSS
0.0%
top 90.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Openprinting CupsApple Cups
Timeline
PublishedNov 29

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5openprinting/cups< 2.4.15
NVDopenprinting/cups< 2.4.15
Debianapple/cups< 2.4.15-1

Patches

Patch: github.com

🔴Vulnerability Details

2
CVEList
OpenPrinting CUPS vulnerable to stack based out-of-bound write2025-11-29
OSV
CVE-2025-61915: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems2025-11-29

📋Vendor Advisories

4
Red Hat
CUPS: Local denial-of-service via cupsd.conf update and related issues2025-11-28
Ubuntu
CUPS vulnerability2025-11-27
Microsoft
OpenPrinting CUPS vulnerable to stack based out-of-bound write2025-11-11
Debian
CVE-2025-61915: cups - OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik...2025
CVE-2025-61915 — Buffer Underflow in Openprinting Cups | cvebase