CVE-2025-58060
Public on 2025-09-11
Modified on 2025-09-12
Description
A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize() function, the password is not checked. This vulnerability allows attackers to bypass authentication entirely, resulting in unauthorized access to administrative functions and system configuration.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | cups | No Fix Planned | ||
| Amazon Linux 2 - Core | cups | 2025-10-14 | ALAS2-2025-3028 | Fixed |
| Amazon Linux 2023 | cups | 2025-09-29 | ALAS2023-2025-1205 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.6 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv3 | 8.0 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H |