Out-of-Bound Write Vulnerability in OpenPrinting CUPS Affects Linux Systems
CVE-2025-61915

6MEDIUM

Key Information:

Vendor

Openprinting

Status
Cups
Vendor
CVE Published:
29 November 2025

What is CVE-2025-61915?

OpenPrinting CUPS is an open-source printing system for Linux and Unix-like operating systems. A vulnerability exists where a user belonging to the lpadmin group can manipulate the CUPS web UI to alter configuration settings by inserting a malicious line. This action may lead to an out-of-bound write due to the cupsd process, which operates with root privileges, parsing the modified configuration file. This vulnerability has been addressed in version 2.4.15, reinforcing the security posture of affected systems.

Affected Version(s)

cups < 2.4.15

References

https://github.com/OpenPrinting/cups/security/advisories/...
x_refsource_CONFIRM
https://github.com/OpenPrinting/cups/commit/db8d560262c22...
x_refsource_MISC
https://github.com/OpenPrinting/cups/releases/tag/v2.4.15
x_refsource_MISC

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-61915 : Out-of-Bound Write Vulnerability in OpenPrinting CUPS Affects Linux Systems