CVE-2025-58060

CVE-2025-58060

Name

CVE-2025-58060

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221
CONFIRM	https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/09/msg00013.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/11/1

Type

URI

MISC

https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221

CONFIRM

https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/09/msg00013.html

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/09/11/1

CPE URI	Source package	Min version	Max version
	cups	>= 0	< 2.4.13

CPE URI

Source package

Min version

Max version

cups

>= 0

< 2.4.13

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
cups	edge-main	2.4.13-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
cups	edge-main	2.4.12-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.11-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.10-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.10-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.9-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.8-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.7-r4	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.7-r3	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.7-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.7-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.7-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.6-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.5-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.4-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.3-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.3-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.2-r7	None	possibly vulnerable
cups	edge-main	2.4.2-r6	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.2-r5	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.2-r4	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.2-r3	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.2-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.2-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.4.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	edge-main	2.3.3-r0	None	possibly vulnerable
cups	edge-main	2.2.12-r0	None	possibly vulnerable
cups	edge-main	2.2.10-r0	None	possibly vulnerable
cups	3.23-main	2.4.13-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
cups	3.22-main	2.4.11-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	3.22-main	2.4.10-r1	None	possibly vulnerable
cups	3.22-main	2.4.9-r0	None	possibly vulnerable
cups	3.22-main	2.4.7-r0	None	possibly vulnerable
cups	3.22-main	2.4.2-r7	None	possibly vulnerable
cups	3.22-main	2.4.2-r0	None	possibly vulnerable
cups	3.22-main	2.3.3-r0	None	possibly vulnerable
cups	3.22-main	2.2.12-r0	None	possibly vulnerable
cups	3.22-main	2.2.10-r0	None	possibly vulnerable
cups	3.21-main	2.4.11-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	3.21-main	2.4.10-r1	None	possibly vulnerable
cups	3.21-main	2.4.9-r0	None	possibly vulnerable
cups	3.21-main	2.4.7-r0	None	possibly vulnerable
cups	3.21-main	2.4.2-r7	None	possibly vulnerable
cups	3.21-main	2.4.2-r0	None	possibly vulnerable
cups	3.21-main	2.3.3-r0	None	possibly vulnerable
cups	3.21-main	2.2.12-r0	None	possibly vulnerable
cups	3.21-main	2.2.10-r0	None	possibly vulnerable
cups	3.20-main	2.4.9-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	3.20-main	2.4.9-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	3.20-main	2.4.8-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	3.20-main	2.4.7-r0	None	possibly vulnerable
cups	3.20-main	2.4.2-r7	None	possibly vulnerable
cups	3.20-main	2.4.2-r0	None	possibly vulnerable
cups	3.20-main	2.3.3-r0	None	possibly vulnerable
cups	3.20-main	2.2.12-r0	None	possibly vulnerable
cups	3.20-main	2.2.10-r0	None	possibly vulnerable
cups	3.19-main	2.4.9-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	3.19-main	2.4.9-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	3.19-main	2.4.7-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
cups	3.19-main	2.4.2-r7	None	possibly vulnerable
cups	3.19-main	2.4.2-r0	None	possibly vulnerable
cups	3.19-main	2.3.3-r0	None	possibly vulnerable
cups	3.19-main	2.2.12-r0	None	possibly vulnerable
cups	3.19-main	2.2.10-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages