CVE-2025-61915
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-29

Last updated on: 2025-12-04

Assigner: GitHub, Inc.

Description
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-29
Last Modified
2025-12-04
Generated
2026-06-16
AI Q&A
2025-11-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-61915
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
openprinting cups to 2.4.15 (exc)
opengroup unix *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-129 The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
CWE-124 The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in OpenPrinting CUPS allows a user in the lpadmin group to use the cups web UI to modify the configuration by inserting a malicious line. When the cupsd process, which runs as root, parses this new configuration, it causes an out-of-bound write, potentially leading to a denial of service or other impacts. The issue was fixed in version 2.4.15.

Impact Analysis

The vulnerability can cause the cupsd process to perform an out-of-bound write, which may lead to a denial of service or other unexpected behavior on the system. Since cupsd runs as root, this could affect system stability or security.

Mitigation Strategies

Upgrade OpenPrinting CUPS to version 2.4.15 or later, as this version contains the patch for the vulnerability. Additionally, restrict lpadmin group membership to trusted users only to minimize risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-61915. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart