CVE-2025-58364

EUVD-2025-28982

11.09.2025, 18:15

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On systems where the vulnerability CVE-2024-47176 (cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, and the firewall on the machine does not reject incoming communication to IPP port, and the machine is set to be available to public internet, attack vector "Network" is possible. The current versions of CUPS and cups-browsed projects have the attack vector "Adjacent" in their default configurations. Version 2.4.13 contains a patch for CVE-2025-58364.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 34%

Affected Products (NVD)

Vendor	Product	Version
openprinting	cups	𝑥 < 2.4.13

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

cups

bookworm	2.4.2-3+deb12u9 fixed
bookworm (security)	2.4.2-3+deb12u9 fixed
bullseye	vulnerable
bullseye (security)	2.3.3op2-3+deb11u10 fixed
forky	2.4.18-1 fixed
sid	2.4.18-1 fixed
trixie	2.4.10-3+deb13u2 fixed
trixie (security)	2.4.10-3+deb13u1 fixed

openSUSE / SLES Releases

openSUSE Product

Release

cups

suse enterprise desktop 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise desktop 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise server 12 SP3	1.7.5-20.54.1 fixed
suse enterprise server 12 SP5	1.7.5-20.54.1 fixed
suse enterprise server 15 SP2	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.72.1 fixed

cups-client

suse enterprise desktop 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise desktop 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise server 12 SP3	1.7.5-20.54.1 fixed
suse enterprise server 12 SP5	1.7.5-20.54.1 fixed
suse enterprise server 15 SP2	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.72.1 fixed

cups-config

suse enterprise desktop 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise desktop 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP2	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.72.1 fixed

cups-ddk

suse enterprise sap 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP2	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.72.1 fixed

cups-devel

suse enterprise desktop 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise desktop 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise server 12 SP5	1.7.5-20.54.1 fixed
suse enterprise server 15 SP2	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.72.1 fixed

cups-libs

suse enterprise server 12 SP3	1.7.5-20.54.1 fixed
suse enterprise server 12 SP5	1.7.5-20.54.1 fixed

cups-libs-32bit

suse enterprise server 12 SP3	1.7.5-20.54.1 fixed
suse enterprise server 12 SP5	1.7.5-20.54.1 fixed

libcups2

suse enterprise desktop 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise desktop 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP2	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.72.1 fixed

libcups2-32bit

suse enterprise sap 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP2	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.72.1 fixed

libcupscgi1

suse enterprise desktop 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise desktop 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP2	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.72.1 fixed

libcupsimage2

suse enterprise desktop 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise desktop 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP2	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.72.1 fixed

libcupsmime1

suse enterprise desktop 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise desktop 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP2	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.72.1 fixed

libcupsppdc1

suse enterprise desktop 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise desktop 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP2	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP3	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.72.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.72.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

cups

RHEL 8	1:2.2.6-64.el8_10 fixed
RHEL 9	1:2.3.3op2-33.el9_6.1 fixed

cups-client

RHEL 8	1:2.2.6-64.el8_10 fixed
RHEL 9	1:2.3.3op2-33.el9_6.1 fixed

cups-devel

RHEL 8	1:2.2.6-64.el8_10 fixed
RHEL 9	1:2.3.3op2-33.el9_6.1 fixed

cups-filesystem

RHEL 8	1:2.2.6-64.el8_10 fixed
RHEL 9	1:2.3.3op2-33.el9_6.1 fixed

cups-ipptool

RHEL 8	1:2.2.6-64.el8_10 fixed
RHEL 9	1:2.3.3op2-33.el9_6.1 fixed

cups-libs

RHEL 8	1:2.2.6-64.el8_10 fixed
RHEL 9	1:2.3.3op2-33.el9_6.1 fixed

cups-lpd

RHEL 8	1:2.2.6-64.el8_10 fixed
RHEL 9	1:2.3.3op2-33.el9_6.1 fixed

cups-printerapp

RHEL 9

1:2.3.3op2-33.el9_6.1

fixed

Known Exploits!

https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://github.com/OpenPrinting/cups/commit/e58cba9d6fceed4242980e51dbd1302cf638ab1d

https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4

http://www.openwall.com/lists/oss-security/2025/09/11/2

https://lists.debian.org/debian-lts-announce/2025/09/msg00013.html