CVE-2025-58060

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in authentication bypass. Any configuration that allows an AuthType that is not Basic is affected. Version 2.4.13 fixes the issue.

Published: Sep 11, 2025
Updated: Nov 4, 2025
CVE: CVE-2025-58060
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
openprinting / cups	-	2.4.13

http://www.openwall.com/lists/oss-security/2025/09/11/1
https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221
https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq
https://lists.debian.org/debian-lts-announce/2025/09/msg00013.html

Vulnerability Database

CVE-2025-58060

Deep Security Visibility Without the Complexity