Vulnerability Description
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the CUPS web UI to change the configuration and insert a malicious line. The cupsd process, which runs as root, then parses the new configuration, causing an out-of-bounds write. This issue has been patched in version 2.4.15.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openprinting | Cups | < 2.4.15 |
| Opengroup | Unix | - |
Related Weaknesses (CWE)
References
- https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359 (Patch)
- https://github.com/OpenPrinting/cups/releases/tag/v2.4.15 (Release Notes)
- https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc (Exploit, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2025/11/27/5 (Mailing List, Third Party Advisory)
FAQ
What is CVE-2025-61915?
CVE-2025-61915 is a vulnerability with a CVSS score of 6.0 (MEDIUM). OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the CUPS web UI to change the config a...
How severe is CVE-2025-61915?
CVE-2025-61915 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-61915?
Check the references section above for vendor advisories and patch information. Affected products include: Openprinting Cups, Opengroup Unix.