CVE-2025-58060NVD

Vulnerability Summary

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.

Severity Level

HIGH(8.0)

Published Date

Sep 11, 2025

Last Modified

Sep 15, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-287: Improper Authentication ↗

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityLow

IntegrityHigh

AvailabilityHigh

External References

https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221
https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-58060NVD

Vulnerability Summary

External References