CVE-2025-58060

cups has Authentication bypass with AuthType Negotiate

CVSS 8 HIGH · EPSS 1.0% · CWE-287
In short

CUPS printing system fails to properly validate passwords when using non-Basic authentication methods if a Basic auth header is included in requests. An attacker can bypass authentication and gain unauthorized access to the printer.

Technical detail

When `AuthType` is configured to anything other than `Basic` (e.g., `Negotiate`, `Digest`), CUPS incorrectly accepts requests carrying an `Authorization: Basic` header without validating the password, allowing authentication bypass. This affects all non-Basic `AuthType` configurations and requires network access to the CUPS service.

Summary generated and translated by AI from the official description.
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.

CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Affected products
OpenPrinting · cups
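The following is an added defender-side check, not code from the CUPS project or from this advisory: it audits a cupsd.conf for `<Location>` blocks whose effective `AuthType` is not `Basic` and combines that with the running version to decide whether the condition described above applies. It assumes standard cupsd.conf syntax (`AuthType Default` resolving to `DefaultAuthType`, which is `Basic` when unset) and a version string in the form printed by `cupsd -v`; the sample configuration is constructed.

```python
import re

# First release that fixes the issue, per the advisory text above.
FIXED_VERSION = (2, 4, 13)

# Constructed sample cupsd.conf for the demonstration (not a real deployment).
SAMPLE_CONF = """\
DefaultAuthType Negotiate
<Location /admin>
  AuthType Default
  Require user @SYSTEM
</Location>
<Location /printers>
  AuthType Basic
  Require valid-user
</Location>
<Location />
  Require valid-user
</Location>
"""

def parse_version(text):
    """Extract x.y.z from a 'cupsd -v'-style string such as 'CUPS v2.4.12'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no version found in %r" % text)
    return tuple(int(g) for g in m.groups())

def non_basic_auth_locations(conf):
    """Return {location_path: effective AuthType} for every <Location> block
    whose explicit AuthType resolves to something other than Basic.
    'Default' is resolved through DefaultAuthType (Basic when unset).
    Blocks with no AuthType directive are not reported (assumption: this
    audit only covers explicit AuthType settings)."""
    default = "Basic"
    m = re.search(r"^\s*DefaultAuthType\s+(\S+)", conf, re.M)
    if m:
        default = m.group(1)
    findings = {}
    for block in re.finditer(r"<Location\s+(\S+)>(.*?)</Location>", conf, re.S):
        path, body = block.group(1), block.group(2)
        a = re.search(r"^\s*AuthType\s+(\S+)", body, re.M)
        auth = a.group(1) if a else None
        if auth == "Default":
            auth = default
        if auth and auth.lower() != "basic":
            findings[path] = auth
    return findings

def exposed(version_text, conf):
    """True when the version predates the fix AND a non-Basic AuthType is configured."""
    return parse_version(version_text) < FIXED_VERSION and bool(non_basic_auth_locations(conf))

if __name__ == "__main__":
    print(non_basic_auth_locations(SAMPLE_CONF), exposed("CUPS v2.4.12", SAMPLE_CONF))
```

Run it against the real `/etc/cups/cupsd.conf` and the output of `cupsd -v` to get a go/no-go for upgrading to 2.4.13.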
