Fluid Attacks Database

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in authentication bypass. Any configuration that allows an AuthType that is not Basic is affected. Version 2.4.13 fixes the issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	cups	=2.3.3op2-3+deb11u1 \|\| =2.3.3op2-3+deb11u2 \|\| =2.3.3op2-3+deb11u3 \|\| =2.3.3op2-3+deb11u4 \|\| =2.3.3op2-3+deb11u5 \|\| =2.3.3op2-3+deb11u6 \|\| =2.3.3op2-3+deb11u7 \|\| =2.3.3op2-3+deb11u8 \|\| =2.3.3op2-3+deb11u9 \|\| >=0 <2.3.3op2-3+deb11u10	2.3.3op2-3+deb11u10
debian 12	cups	=2.4.2-3 \|\| =2.4.2-3+deb12u1 \|\| =2.4.2-3+deb12u2 \|\| =2.4.2-3+deb12u3 \|\| =2.4.2-3+deb12u4 \|\| =2.4.2-3+deb12u5 \|\| =2.4.2-3+deb12u6 \|\| =2.4.2-3+deb12u7 \|\| =2.4.2-3+deb12u8 \|\| >=0 <2.4.2-3+deb12u9	2.4.2-3+deb12u9
debian 13	cups	=2.4.10-3 \|\| >=0 <2.4.10-3+deb13u1	2.4.10-3+deb13u1
debian 14	cups	=2.4.10-3 \|\| >=0 <2.4.10-4	2.4.10-4
alpine v3.23	cups	=1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.2-r1 \|\| =1.4.2-r2 \|\| =1.4.3-r0 \|\| =1.4.3-r1 \|\| =1.4.3-r2 \|\| =1.4.3-r3 \|\| =1.4.4-r0 \|\| =1.4.4-r1 \|\| =1.4.5-r0 \|\| =1.4.6-r0 \|\| =1.4.7-r0 \|\| =1.4.8-r0 \|\| =1.5.0-r0 \|\| =1.5.0-r1 \|\| =1.5.0-r2 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.2-r3 \|\| =1.5.3-r0 \|\| =1.5.4-r0 \|\| =1.5.4-r1 \|\| =1.6.1-r0 \|\| =1.6.1-r1 \|\| =1.6.2-r0 \|\| =1.6.2-r1 \|\| =1.6.3-r0 \|\| =1.6.4-r0 \|\| =1.7.0-r0 \|\| =1.7.0-r1 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.3-r0 \|\| =1.7.3-r1 \|\| =1.7.4-r0 \|\| =1.7.5-r0 \|\| =2.0.0-r0 \|\| =2.0.1-r0 \|\| =2.0.2-r0 \|\| =2.0.2-r1 \|\| =2.0.2-r2 \|\| =2.0.3-r0 \|\| =2.0.4-r0 \|\| =2.1.0-r0 \|\| =2.1.1-r0 \|\| =2.1.2-r0 \|\| =2.1.3-r0 \|\| =2.1.3-r1 \|\| =2.1.4-r0 \|\| =2.2.1-r0 \|\| =2.2.1-r1 \|\| =2.2.10-r0 \|\| =2.2.11-r0 \|\| =2.2.12-r0 \|\| =2.2.12-r1 \|\| =2.2.12-r2 \|\| =2.2.2-r0 \|\| =2.2.2-r1 \|\| =2.2.2-r2 \|\| =2.2.3-r0 \|\| =2.2.3-r1 \|\| =2.2.4-r0 \|\| =2.2.5-r0 \|\| =2.2.5-r1 \|\| =2.2.6-r0 \|\| =2.2.9-r0 \|\| =2.3.3-r0 \|\| =2.3.3-r1 \|\| =2.3.3-r2 \|\| =2.3.3-r3 \|\| =2.3.3-r4 \|\| =2.4.0-r0 \|\| =2.4.1-r0 \|\| =2.4.1-r1 \|\| =2.4.10-r0 \|\| =2.4.10-r1 \|\| =2.4.11-r0 \|\| =2.4.12-r0 \|\| =2.4.2-r0 \|\| =2.4.2-r1 \|\| =2.4.2-r2 \|\| =2.4.2-r3 \|\| =2.4.2-r4 \|\| =2.4.2-r5 \|\| =2.4.2-r6 \|\| =2.4.2-r7 \|\| =2.4.3-r0 \|\| =2.4.3-r1 \|\| =2.4.4-r0 \|\| =2.4.5-r0 \|\| =2.4.6-r0 \|\| =2.4.7-r0 \|\| =2.4.7-r1 \|\| =2.4.7-r2 \|\| =2.4.7-r3 \|\| =2.4.7-r4 \|\| =2.4.8-r0 \|\| =2.4.9-r0 \|\| >=0 <2.4.13-r0	2.4.13-r0
alpine v3.21	cups	=1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.2-r1 \|\| =1.4.2-r2 \|\| =1.4.3-r0 \|\| =1.4.3-r1 \|\| =1.4.3-r2 \|\| =1.4.3-r3 \|\| =1.4.4-r0 \|\| =1.4.4-r1 \|\| =1.4.5-r0 \|\| =1.4.6-r0 \|\| =1.4.7-r0 \|\| =1.4.8-r0 \|\| =1.5.0-r0 \|\| =1.5.0-r1 \|\| =1.5.0-r2 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.2-r3 \|\| =1.5.3-r0 \|\| =1.5.4-r0 \|\| =1.5.4-r1 \|\| =1.6.1-r0 \|\| =1.6.1-r1 \|\| =1.6.2-r0 \|\| =1.6.2-r1 \|\| =1.6.3-r0 \|\| =1.6.4-r0 \|\| =1.7.0-r0 \|\| =1.7.0-r1 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.3-r0 \|\| =1.7.3-r1 \|\| =1.7.4-r0 \|\| =1.7.5-r0 \|\| =2.0.0-r0 \|\| =2.0.1-r0 \|\| =2.0.2-r0 \|\| =2.0.2-r1 \|\| =2.0.2-r2 \|\| =2.0.3-r0 \|\| =2.0.4-r0 \|\| =2.1.0-r0 \|\| =2.1.1-r0 \|\| =2.1.2-r0 \|\| =2.1.3-r0 \|\| =2.1.3-r1 \|\| =2.1.4-r0 \|\| =2.2.1-r0 \|\| =2.2.1-r1 \|\| =2.2.10-r0 \|\| =2.2.11-r0 \|\| =2.2.12-r0 \|\| =2.2.12-r1 \|\| =2.2.12-r2 \|\| =2.2.2-r0 \|\| =2.2.2-r1 \|\| =2.2.2-r2 \|\| =2.2.3-r0 \|\| =2.2.3-r1 \|\| =2.2.4-r0 \|\| =2.2.5-r0 \|\| =2.2.5-r1 \|\| =2.2.6-r0 \|\| =2.2.9-r0 \|\| =2.3.3-r0 \|\| =2.3.3-r1 \|\| =2.3.3-r2 \|\| =2.3.3-r3 \|\| =2.3.3-r4 \|\| =2.4.0-r0 \|\| =2.4.1-r0 \|\| =2.4.1-r1 \|\| =2.4.10-r0 \|\| =2.4.10-r1 \|\| =2.4.11-r0 \|\| =2.4.2-r0 \|\| =2.4.2-r1 \|\| =2.4.2-r2 \|\| =2.4.2-r3 \|\| =2.4.2-r4 \|\| =2.4.2-r5 \|\| =2.4.2-r6 \|\| =2.4.2-r7 \|\| =2.4.3-r0 \|\| =2.4.3-r1 \|\| =2.4.4-r0 \|\| =2.4.5-r0 \|\| =2.4.6-r0 \|\| =2.4.7-r0 \|\| =2.4.7-r1 \|\| =2.4.7-r2 \|\| =2.4.7-r3 \|\| =2.4.7-r4 \|\| =2.4.8-r0 \|\| =2.4.9-r0 \|\| >=0 <2.4.16-r0	2.4.16-r0
alpine v3.22	cups	=1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.2-r1 \|\| =1.4.2-r2 \|\| =1.4.3-r0 \|\| =1.4.3-r1 \|\| =1.4.3-r2 \|\| =1.4.3-r3 \|\| =1.4.4-r0 \|\| =1.4.4-r1 \|\| =1.4.5-r0 \|\| =1.4.6-r0 \|\| =1.4.7-r0 \|\| =1.4.8-r0 \|\| =1.5.0-r0 \|\| =1.5.0-r1 \|\| =1.5.0-r2 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.2-r3 \|\| =1.5.3-r0 \|\| =1.5.4-r0 \|\| =1.5.4-r1 \|\| =1.6.1-r0 \|\| =1.6.1-r1 \|\| =1.6.2-r0 \|\| =1.6.2-r1 \|\| =1.6.3-r0 \|\| =1.6.4-r0 \|\| =1.7.0-r0 \|\| =1.7.0-r1 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.3-r0 \|\| =1.7.3-r1 \|\| =1.7.4-r0 \|\| =1.7.5-r0 \|\| =2.0.0-r0 \|\| =2.0.1-r0 \|\| =2.0.2-r0 \|\| =2.0.2-r1 \|\| =2.0.2-r2 \|\| =2.0.3-r0 \|\| =2.0.4-r0 \|\| =2.1.0-r0 \|\| =2.1.1-r0 \|\| =2.1.2-r0 \|\| =2.1.3-r0 \|\| =2.1.3-r1 \|\| =2.1.4-r0 \|\| =2.2.1-r0 \|\| =2.2.1-r1 \|\| =2.2.10-r0 \|\| =2.2.11-r0 \|\| =2.2.12-r0 \|\| =2.2.12-r1 \|\| =2.2.12-r2 \|\| =2.2.2-r0 \|\| =2.2.2-r1 \|\| =2.2.2-r2 \|\| =2.2.3-r0 \|\| =2.2.3-r1 \|\| =2.2.4-r0 \|\| =2.2.5-r0 \|\| =2.2.5-r1 \|\| =2.2.6-r0 \|\| =2.2.9-r0 \|\| =2.3.3-r0 \|\| =2.3.3-r1 \|\| =2.3.3-r2 \|\| =2.3.3-r3 \|\| =2.3.3-r4 \|\| =2.4.0-r0 \|\| =2.4.1-r0 \|\| =2.4.1-r1 \|\| =2.4.10-r0 \|\| =2.4.10-r1 \|\| =2.4.11-r0 \|\| =2.4.2-r0 \|\| =2.4.2-r1 \|\| =2.4.2-r2 \|\| =2.4.2-r3 \|\| =2.4.2-r4 \|\| =2.4.2-r5 \|\| =2.4.2-r6 \|\| =2.4.2-r7 \|\| =2.4.3-r0 \|\| =2.4.3-r1 \|\| =2.4.4-r0 \|\| =2.4.5-r0 \|\| =2.4.6-r0 \|\| =2.4.7-r0 \|\| =2.4.7-r1 \|\| =2.4.7-r2 \|\| =2.4.7-r3 \|\| =2.4.7-r4 \|\| =2.4.8-r0 \|\| =2.4.9-r0 \|\| >=0 <2.4.16-r0	2.4.16-r0
alpine v3.20	cups	=1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.2-r1 \|\| =1.4.2-r2 \|\| =1.4.3-r0 \|\| =1.4.3-r1 \|\| =1.4.3-r2 \|\| =1.4.3-r3 \|\| =1.4.4-r0 \|\| =1.4.4-r1 \|\| =1.4.5-r0 \|\| =1.4.6-r0 \|\| =1.4.7-r0 \|\| =1.4.8-r0 \|\| =1.5.0-r0 \|\| =1.5.0-r1 \|\| =1.5.0-r2 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.2-r3 \|\| =1.5.3-r0 \|\| =1.5.4-r0 \|\| =1.5.4-r1 \|\| =1.6.1-r0 \|\| =1.6.1-r1 \|\| =1.6.2-r0 \|\| =1.6.2-r1 \|\| =1.6.3-r0 \|\| =1.6.4-r0 \|\| =1.7.0-r0 \|\| =1.7.0-r1 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.3-r0 \|\| =1.7.3-r1 \|\| =1.7.4-r0 \|\| =1.7.5-r0 \|\| =2.0.0-r0 \|\| =2.0.1-r0 \|\| =2.0.2-r0 \|\| =2.0.2-r1 \|\| =2.0.2-r2 \|\| =2.0.3-r0 \|\| =2.0.4-r0 \|\| =2.1.0-r0 \|\| =2.1.1-r0 \|\| =2.1.2-r0 \|\| =2.1.3-r0 \|\| =2.1.3-r1 \|\| =2.1.4-r0 \|\| =2.2.1-r0 \|\| =2.2.1-r1 \|\| =2.2.10-r0 \|\| =2.2.11-r0 \|\| =2.2.12-r0 \|\| =2.2.12-r1 \|\| =2.2.12-r2 \|\| =2.2.2-r0 \|\| =2.2.2-r1 \|\| =2.2.2-r2 \|\| =2.2.3-r0 \|\| =2.2.3-r1 \|\| =2.2.4-r0 \|\| =2.2.5-r0 \|\| =2.2.5-r1 \|\| =2.2.6-r0 \|\| =2.2.9-r0 \|\| =2.3.3-r0 \|\| =2.3.3-r1 \|\| =2.3.3-r2 \|\| =2.3.3-r3 \|\| =2.3.3-r4 \|\| =2.4.0-r0 \|\| =2.4.1-r0 \|\| =2.4.1-r1 \|\| =2.4.2-r0 \|\| =2.4.2-r1 \|\| =2.4.2-r2 \|\| =2.4.2-r3 \|\| =2.4.2-r4 \|\| =2.4.2-r5 \|\| =2.4.2-r6 \|\| =2.4.2-r7 \|\| =2.4.3-r0 \|\| =2.4.3-r1 \|\| =2.4.4-r0 \|\| =2.4.5-r0 \|\| =2.4.6-r0 \|\| =2.4.7-r0 \|\| =2.4.7-r1 \|\| =2.4.7-r2 \|\| =2.4.7-r3 \|\| =2.4.7-r4 \|\| =2.4.8-r0 \|\| =2.4.9-r0 \|\| =2.4.9-r1 \|\| >=0 <2.4.16-r0	2.4.16-r0
rpm rhel10	cups	<1:2.4.10-11.el10_0.1	1:2.4.10-11.el10_0.1
rpm rhel8.4	cups	<1:2.2.6-38.el8_4.3	1:2.2.6-38.el8_4.3

1-10 of 14

Aliases

1. CVE-2025-580602. NVD-2025-580603. OSV-DEBIAN-2025-580604. OSV-2025-580605. OSV-ALPINE-2025-580606. SECURITY-TRACKER-CVE-2025-580607. SECURITY-CVE-2025-58060

References

1. https://github.com/aniruddh-bhandarkar/cups-script-final-project

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.