VDB
DEBIAN-CVE-2025-61915
DEBIAN-CVE-2025-61915
PUBLISHED
CVSS 6.699999809265137 MEDIUM
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.
Risk Scores
CVSS v3.1
6.699999809265137
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | cups | *, 0, 2.3.3op2-3+deb11u1 |
| Debian:13 | cups | 2.4.10-3, 0, 2.4.18-1 |
| Debian:12 | cups | 2.4.7-1.2, 2.4.7-2, 2.4.7-3 |
| Debian:14 | cups | 0, 2.4.10-3, 2.4.14-1 |
Timeline
- Nov 29, 2025 CVE Published
- Apr 28, 2026 CVE Updated