PT-2025-37249 · Openprinting+9 · Cups+9

Hvenev-Insait

·

Published

2025-09-11

·

Updated

2026-05-13

·

CVE-2025-58060

CVSS v3.1

8.0

High

VectorAV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenPrinting CUPS versions 2.4.12 and earlier
Description: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. When the AuthType is set to anything but Basic, if a request contains an Authorization: Basic ... header, the password is not checked, resulting in authentication bypass. Any configuration allowing an AuthType that is not Basic is affected.
Recommendations: Update to version 2.4.13 or later.

Exploit

Fix

Improper Authentication

Weakness Enumeration

CWE-287

Related Identifiers

ALSA-2025:15700
ALSA-2025:15701
ALSA-2025:15702
ALT-PU-2025-11731
ALT-PU-2025-12797
AZL-67112
AZL-67269
BDU:2025-11019
CESA-2025_15702
CVE-2025-58060
DLA-4298-1
DSA-5998-1
GHSA-4C68-QGRH-RMMQ
INFSA-2025_15700
INFSA-2025_15702
MGASA-2026-0001
OESA-2025-2334
OPENSUSE-SU-2025:15562-1
OPENSUSE-SU-2026:20172-1
RHSA-2025:15700
RHSA-2025:15701
RHSA-2025:15702
RHSA-2025:16590
RHSA-2025:16591
RHSA-2025:16592
RHSA-2025:17049
RHSA-2025:17054
RHSA-2025:17141
RHSA-2025:17144
RHSA-2025:17164
RHSA-2025_15700
RHSA-2025_15702
RHSA-2026:8814
SUSE-SU-2025:03178-1
SUSE-SU-2025:03261-1
SUSE-SU-2025_03178-1
SUSE-SU-2025_03261-1
SUSE-SU-2026:20229-1
SUSE-SU-2026:20231-1
SUSE-SU-2026:20528-1
SUSE-SU-2026:20535-1
USN-7745-1

Affected Products

Alt Linux
Almalinux
Cups
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu