Authentication Bypass in OpenPrinting CUPS Affects Multiple Unix-like Systems
CVE-2025-58060
8 HIGH
What is CVE-2025-58060?
OpenPrinting CUPS, an open-source printing system used across various Linux and Unix-like operating systems, is subject to a critical vulnerability that allows an authentication bypass. Specifically, in versions 2.4.12 and earlier, if the AuthType is set to anything other than Basic, the system fails to validate passwords when encountering Authorization: Basic ... headers. This oversight remains undetected during authentication attempts, enabling unauthorized access for malicious actors. Configurations permitting non-Basic authentication types are particularly susceptible. The issue has been resolved in version 2.4.13.
Affected Version(s)
cups < 2.4.13
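A defensive check for the condition described above, as an added example that is not part of the original advisory or of CUPS itself: it lists every AuthType in a cupsd.conf that resolves to something other than Basic and compares a version string against the fixed release 2.4.13. The sample configuration and the function names are constructed for illustration, and the version test assumes upstream version numbers (a distribution package may carry a backported fix).

```python
import re

FIXED = (2, 4, 13)  # first fixed release named in the advisory

def is_affected_version(version):
    """True if an upstream CUPS version string is older than 2.4.13."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    return nums + (0,) * (3 - len(nums)) < FIXED

def non_basic_authtypes(conf_text):
    """Return (line_no, scope, effective_type) for each AuthType that is not Basic."""
    default, scopes, found = "Basic", [], []   # cupsd's built-in DefaultAuthType is Basic
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):              # closing </Location>, </Limit>, ...
            if scopes:
                scopes.pop()
        elif line.startswith("<"):             # opening <Location /admin>, ...
            scopes.append(line.strip("<>"))
        else:
            parts = line.split(None, 1)
            key = parts[0].lower()
            value = parts[1].strip() if len(parts) > 1 else ""
            if key == "defaultauthtype":
                default = value
            elif key == "authtype":
                found.append((no, " > ".join(scopes) or "global", value))
    # "AuthType Default" inherits DefaultAuthType, so resolve after the full pass.
    resolved = [(n, s, default if v.lower() == "default" else v) for n, s, v in found]
    # The advisory says "anything other than Basic", so None is reported as well.
    return [r for r in resolved if r[2].lower() != "basic"]

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
# constructed sample
DefaultAuthType Negotiate
<Location /admin>
  AuthType Default
  Require user @SYSTEM
</Location>
<Location /admin/conf>
  AuthType Basic
</Location>
"""

if __name__ == "__main__":
    for no, scope, kind in non_basic_authtypes(SAMPLE_CONF):
        print(f"line {no}: {scope}: AuthType resolves to {kind}")
```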