CVE-2025-61915
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
29/11/2025
Last modified:
04/12/2025
Description
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.
Impact
Base Score 3.x
6.00
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:* | 2.4.15 (excluding) | |
| cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0
- https://github.com/OpenPrinting/cups/releases/tag/v2.4.15
- https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc
- http://www.openwall.com/lists/oss-security/2025/11/27/5
- https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc