|
Vulnerabilities
< Back

CVE-2025-58060

Updated on 11 Sep 2025

Severity

8.0 High severity

Details

CVSS score
8.0
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in authentication bypass. Any configuration that allows an AuthType that is not Basic is affected. Version 2.4.13 fixes the issue.

Details

Affected product:
AlmaLinux 9.2 ESU , CentOS 7 ELS , CentOS 8.4 ELS , CentOS 8.5 ELS , CentOS Stream 8 ELS , CloudLinux 7 ELS , Oracle Linux 7 ELS , RHEL 7 ELS , Ubuntu 16.04 ELS , Ubuntu 18.04 ELS
Affected packages:
cups @ 1.6.3 (+9 more)
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in authentication bypass. Any configuration that allows an AuthType that is not Basic is affected. Version 2.4.13 fixes the issue.

Fixes