vulnerability
Amazon Linux 2023: CVE-2025-58060: Medium priority package update for cups
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:P/I:C/A:C) | Sep 11, 2025 | Sep 30, 2025 | Sep 30, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:P/I:C/A:C)
Published
Sep 11, 2025
Added
Sep 30, 2025
Modified
Sep 30, 2025
Description
A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize() function, the password is not checked. This vulnerability allows attackers to bypass authentication entirely, resulting in unauthorized access to administrative functions and system configuration.
Solutions
amazon-linux-2023-upgrade-cupsamazon-linux-2023-upgrade-cups-clientamazon-linux-2023-upgrade-cups-client-debuginfoamazon-linux-2023-upgrade-cups-debuginfoamazon-linux-2023-upgrade-cups-debugsourceamazon-linux-2023-upgrade-cups-develamazon-linux-2023-upgrade-cups-filesystemamazon-linux-2023-upgrade-cups-ipptoolamazon-linux-2023-upgrade-cups-ipptool-debuginfoamazon-linux-2023-upgrade-cups-libsamazon-linux-2023-upgrade-cups-libs-debuginfoamazon-linux-2023-upgrade-cups-lpdamazon-linux-2023-upgrade-cups-lpd-debuginfoamazon-linux-2023-upgrade-cups-printerappamazon-linux-2023-upgrade-cups-printerapp-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.