vulnerability
Oracle Linux: CVE-2025-58060: ELSA-2025-15700: cups security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:P/I:C/A:C) | Sep 11, 2025 | Sep 15, 2025 | Oct 16, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:P/I:C/A:C)
Published
Sep 11, 2025
Added
Sep 15, 2025
Modified
Oct 16, 2025
Description
A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize() function, the password is not checked. This vulnerability allows attackers to bypass authentication entirely, resulting in unauthorized access to administrative functions and system configuration.
Solutions
oracle-linux-upgrade-cupsoracle-linux-upgrade-cups-clientoracle-linux-upgrade-cups-develoracle-linux-upgrade-cups-filesystemoracle-linux-upgrade-cups-ipptooloracle-linux-upgrade-cups-libsoracle-linux-upgrade-cups-lpdoracle-linux-upgrade-cups-printerapp
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.