Bug 2392595 (CVE-2025-58060)
| Field | Value |
|---|---|
| Summary | CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | OSIDB Bzimport <bzimport> |
| Assignee | Product Security DevOps Team <prodsec-dev> |
| Status | NEW |
| Severity | high |
| Priority | high |
| Version | unspecified |
| CC | gotiwari, mvyas, security-response-team, zdohnal |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Doc Text | A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize() function, the password is not checked. This vulnerability allows attackers to bypass authentication entirely, resulting in unauthorized access to administrative functions and system configuration. |
| Bug Depends On | 2395192, 2395193 |
| Deadline | 2025-09-11 |
Description
OSIDB Bzimport
2025-09-02 12:56:53 UTC
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2025:15702 https://access.redhat.com/errata/RHSA-2025:15702

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 10
Via RHSA-2025:15701 https://access.redhat.com/errata/RHSA-2025:15701

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9
Via RHSA-2025:15700 https://access.redhat.com/errata/RHSA-2025:15700

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Via RHSA-2025:16590 https://access.redhat.com/errata/RHSA-2025:16590

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Via RHSA-2025:16591 https://access.redhat.com/errata/RHSA-2025:16591

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9.4 Extended Update Support
Via RHSA-2025:16592 https://access.redhat.com/errata/RHSA-2025:16592

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Via RHSA-2025:17049 https://access.redhat.com/errata/RHSA-2025:17049

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7 Extended Lifecycle Support
Via RHSA-2025:17054 https://access.redhat.com/errata/RHSA-2025:17054

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Via RHSA-2025:17141 https://access.redhat.com/errata/RHSA-2025:17141

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Via RHSA-2025:17144 https://access.redhat.com/errata/RHSA-2025:17144

This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.2 Advanced Update Support
Via RHSA-2025:17164 https://access.redhat.com/errata/RHSA-2025:17164
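
The Doc Text above gives the precondition as authentication "configured to use a method other than Basic". The following audit sketch is an added example, not code from this bug report, Red Hat or the CUPS project: it lists the cupsd.conf scopes whose effective AuthType is neither Basic nor None. The function name and the sample configuration are constructed for illustration.

```python
# Constructed sample cupsd.conf (illustrative only, not taken from the bug report).
SAMPLE_CONF = """\
# constructed sample
DefaultAuthType Negotiate
<Location />
  Order allow,deny
</Location>
<Location /admin>
  AuthType Default
  Require user @SYSTEM
</Location>
<Location /admin/conf>
  AuthType Basic
  Require user @SYSTEM
</Location>
<Policy default>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer>
    AuthType Negotiate
    Require user @SYSTEM
  </Limit>
</Policy>
"""

def non_basic_auth_scopes(conf_text):
    """Return [(scope, effective AuthType)] where the type is neither Basic nor None."""
    default_auth = "basic"  # cupsd falls back to Basic when DefaultAuthType is unset
    stack, seen = [], []    # open <Location>/<Policy>/<Limit> sections; AuthType hits
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if stack:
                stack.pop()
        elif line.startswith("<"):
            stack.append(line.strip("<>").strip())
        else:
            parts = line.split(None, 1)
            if len(parts) < 2:
                continue
            name, value = parts[0].lower(), parts[1].strip().lower()
            if name == "defaultauthtype":
                default_auth = value
            elif name == "authtype":
                seen.append((" > ".join(stack) or "(global)", value))
    # "AuthType Default" resolves to DefaultAuthType; resolve after the full parse
    resolved = [(s, default_auth if v == "default" else v) for s, v in seen]
    return [(s, v) for s, v in resolved if v not in ("basic", "none")]

if __name__ == "__main__":
    for scope, auth in non_basic_auth_scopes(SAMPLE_CONF):
        print(f"{scope}: effective AuthType {auth}")
```

Hosts where this reports any scope match the configuration described in the Doc Text and are the ones to prioritise for the errata listed above.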