{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-61915", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-10-03T22:21:59.614Z", "datePublished": "2025-11-29T02:15:39.913Z", "dateUpdated": "2025-12-03T15:52:35.319Z"}, "containers": {"cna": {"title": "OpenPrinting CUPS vulnerable to stack based out-of-bound write", "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "lang": "en", "description": "CWE-129: Improper Validation of Array Index", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-124", "lang": "en", "description": "CWE-124: Buffer Underwrite ('Buffer Underflow')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc"}, {"name": "https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0"}, {"name": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15"}], "affected": [{"vendor": "OpenPrinting", "product": "cups", "versions": [{"version": "< 2.4.15", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-29T02:15:39.913Z"}, "descriptions": [{"lang": "en", "value": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15."}], "source": {"advisory": "GHSA-hxm8-vfpq-jrfc", "discovery": "UNKNOWN"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/11/27/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-29T02:34:46.323Z"}}, {"references": [{"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-03T15:52:31.413369Z", "id": "CVE-2025-61915", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-03T15:52:35.319Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/11/27/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-29T02:34:46.323Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-61915", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-03T15:52:31.413369Z"}}}], "references": [{"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-03T15:52:27.440Z"}}], "cna": {"title": "OpenPrinting CUPS vulnerable to stack based out-of-bound write", "source": {"advisory": "GHSA-hxm8-vfpq-jrfc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OpenPrinting", "product": "cups", "versions": [{"status": "affected", "version": "< 2.4.15"}]}], "references": [{"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc", "name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0", "name": "https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15", "name": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-129", "description": "CWE-129: Improper Validation of Array Index"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-124", "description": "CWE-124: Buffer Underwrite ('Buffer Underflow')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-29T02:15:39.913Z"}}}, "cveMetadata": {"cveId": "CVE-2025-61915", "state": "PUBLISHED", "dateUpdated": "2025-12-03T15:52:35.319Z", "dateReserved": "2025-10-03T22:21:59.614Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-11-29T02:15:39.913Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D93D152-B5C1-4CD1-B7E9-785A55F3BE93", "versionEndExcluding": "2.4.15", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15."}], "id": "CVE-2025-61915", "lastModified": "2025-12-04T17:15:19.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-11-29T03:15:59.520", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2025/11/27/5"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-124"}, {"lang": "en", "value": "CWE-129"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "CUPS: Local denial-of-service via cupsd.conf update and related issues", "id": "2416039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416039"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1173", "details": ["OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.", "A flaw was found in cups. A user in group defined by SystemGroup directive in /etc/cups/cups-files.conf can use the cups web ui to change the config \nand insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-61915", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-11-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-61915\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-61915"], "statement": "The highest threat of this flaw is to system availability. A local attacker with high privileges, specifically a user belonging to the `SystemGroup` as defined in `/etc/cups/cups-files.conf`, could exploit the CUPS web interface to introduce a malicious configuration line into `cupsd.conf`, leading to a denial of service.", "threat_severity": "Moderate"}