Authentication Bypass vulnerability in the authorization handling of the CUPS print server. The flaw exists in the cupsdAuthorize() function (scheduler/auth.c) where, if the configured AuthType is anything other than Basic, but the request still includes an Authorization: Basic ... header, the password validation step is skipped. This allows an attacker to bypass authentication checks entirely. By exploiting this issue, an attacker can perform privileged operations, including modifying configuration files, without providing valid credentials. This vulnerability can be exploited remotely depending on the deployment configuration and does not require valid authentication.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:15702 https://access.redhat.com/errata/RHSA-2025:15702
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:15701 https://access.redhat.com/errata/RHSA-2025:15701
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:15700 https://access.redhat.com/errata/RHSA-2025:15700
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:16590 https://access.redhat.com/errata/RHSA-2025:16590
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:16591 https://access.redhat.com/errata/RHSA-2025:16591
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:16592 https://access.redhat.com/errata/RHSA-2025:16592
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2025:17049 https://access.redhat.com/errata/RHSA-2025:17049
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2025:17054 https://access.redhat.com/errata/RHSA-2025:17054
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2025:17141 https://access.redhat.com/errata/RHSA-2025:17141
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2025:17144 https://access.redhat.com/errata/RHSA-2025:17144
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2025:17164 https://access.redhat.com/errata/RHSA-2025:17164