Unrated severityNVD Advisory· Published Sep 11, 2025· Updated Nov 4, 2025

cups has Authentication bypass with AuthType Negotiate

CVE-2025-58060

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in authentication bypass. Any configuration that allows an AuthType that is not Basic is affected. Version 2.4.13 fixes the issue.

Affected products

Openprinting/Cupsv5
Range: < 2.4.13

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221mitrex_refsource_MISC
github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmqmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000