CVE-2025-58364
BaseFortify
Publication date: 2025-09-11
Last updated on: 2025-11-04
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openprinting | cups | up to 2.4.13 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in OpenPrinting CUPS (version 2.4.12 and earlier) involves unsafe deserialization and validation of printer attributes in the libcups library, which leads to a null dereference. This flaw can cause the cups and cups-browsed services to crash on all machines in the local network that listen for printers, resulting in a denial of service (DoS).
How can this vulnerability impact me?
The vulnerability can cause a denial of service by crashing the cups and cups-browsed services on all affected machines in the local network. If the system is exposed to the public internet without proper firewall restrictions and has not fixed related vulnerabilities, an attacker could exploit this remotely, causing disruption of printing services.
What immediate steps should I take to mitigate this vulnerability?
Upgrade CUPS and cups-browsed to version 2.4.13 or later, which contains the patch for CVE-2025-58364. Additionally, ensure that your firewall blocks incoming communication to the IPP port if the system is exposed to the public internet, and verify that CVE-2024-47176 is fixed on your systems to reduce attack vectors.
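
The two checks from the mitigation above (patched version, IPP port not reachable from other hosts), as an added shell example that is not part of the original page. It assumes IPP's standard port 631, GNU `sort -V`, and listener lines in the layout printed by `ss -H -lntu`; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: host-side checks for the mitigations listed for CVE-2025-58364.
FIXED_VERSION="2.4.13"   # first patched CUPS release, per this page
IPP_PORT=631             # standard IPP port (assumption: default port in use)

# Return 0 if version string $1 is >= FIXED_VERSION, 1 if older, 2 if empty.
cups_is_patched() {
    ver=${1#*:}             # drop a package epoch such as "1:" if present
    ver=${ver%%[-+~]*}      # drop a distro suffix such as "-1ubuntu2"
    [ -n "$ver" ] || return 2
    lowest=$(printf '%s\n%s\n' "$FIXED_VERSION" "$ver" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VERSION" ]
}

# Read `ss -H -lntu` style lines on stdin and print "proto address:port"
# for every IPP listener that is not bound to loopback only.
exposed_ipp_listeners() {
    awk -v port="$IPP_PORT" '
        $5 ~ (":" port "$") && $5 !~ /^(127\.|\[::1\])/ { print $1, $5 }'
}

# Constructed sample of listener lines (not captured from a real host).
SAMPLE_SS='udp UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 128 [::1]:631 [::]:*
tcp LISTEN 0 4096 [::]:631 [::]:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Demonstration on the constructed data. On a live host use instead:
#   cups_is_patched "$(cups-config --version)"
#   ss -H -lntu | exposed_ipp_listeners
for v in 2.4.12 2.4.13; do
    if cups_is_patched "$v"; then
        echo "CUPS $v: at or above $FIXED_VERSION"
    else
        echo "CUPS $v: older than $FIXED_VERSION, upgrade needed"
    fi
done
echo "Non-loopback IPP listeners in sample:"
printf '%s\n' "$SAMPLE_SS" | exposed_ipp_listeners
```

A distribution may backport the fix into a package with an older version string, so a failing version check is a prompt to read the package changelog for CVE-2025-58364. Any listener the second function prints should be covered by a firewall rule or rebound to loopback.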