{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-58060","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2025-08-22T14:30:32.222Z","datePublished":"2025-09-11T17:06:32.899Z","dateUpdated":"2025-11-04T21:13:22.294Z"},"containers":{"cna":{"title":"cups has Authentication bypass with AuthType Negotiate","problemTypes":[{"descriptions":[{"cweId":"CWE-287","lang":"en","description":"CWE-287: Improper Authentication","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H","version":"3.1"}}],"references":[{"name":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq","tags":["x_refsource_CONFIRM"],"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq"},{"name":"https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221","tags":["x_refsource_MISC"],"url":"https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221"}],"affected":[{"vendor":"OpenPrinting","product":"cups","versions":[{"version":"< 2.4.13","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2025-09-11T17:25:02.915Z"},"descriptions":[{"lang":"en","value":"OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue."}],"source":{"advisory":"GHSA-4c68-qgrh-rmmq","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-11T17:33:32.502303Z","id":"CVE-2025-58060","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-11T17:35:59.645Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00013.html"},{"url":"http://www.openwall.com/lists/oss-security/2025/09/11/1"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T21:13:22.294Z"}}]}}