Vulnerability Report

CVE-2025-58060

Title: Openprinting Cups Auth Bypass

Auth Bypass

Proof Of Concept

PoC Available for CVE-2025-58060

CWE Category CWE-287
Published Date Sep 11, 2025
Modified Date Nov 04, 2025
Exploit Status Available
Score 8.0 CVSS v3.1
Exploit Probability (EPSS)
0.05%

Vulnerability Summary

CVE-2025-58060: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.

Impacted Vendors

E
easy_software_products 1
O
openprinting 1

Reference Links

https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221 https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq http://www.openwall.com/lists/oss-security/2025/09/11/1 https://lists.debian.org/debian-lts-announce/2025/09/msg00013.html
CVSS v3.1
Source Entity [email protected]
Severity HIGH
8.0
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2025-58060 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/aniruddh-bhandarkar/cups-script-final-project
View Code
MODIFIED

Vulnerability data or affected products updated.

MODIFIED

Vulnerability data updated via NVD.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector LOCAL
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Affected Stack

No specific products linked.