CVE-2025-58060: CWE-287: Improper Authentication in OpenPrinting cups
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-58060 is an authentication bypass vulnerability in the OpenPrinting CUPS (Common UNIX Printing System) software, affecting versions earlier than 2.4.13. The vulnerability arises from improper handling of the Authorization header when the AuthType configuration is set to any value other than Basic. Specifically, if a client sends an Authorization: Basic header, the system fails to validate the password, effectively bypassing authentication checks. This flaw is categorized under CWE-287 (Improper Authentication). The vulnerability allows an attacker with local network or system access to perform unauthorized actions on the printing system, such as submitting print jobs, modifying printer configurations, or potentially escalating privileges depending on the deployment context. The CVSS v3.1 score is 8.0 (high), reflecting the local attack vector, low attack complexity, no privileges required, no user interaction, and significant impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild, but the vulnerability is publicly disclosed and fixed in version 2.4.13. The issue is critical in environments where CUPS is exposed to multiple users or network segments, as it undermines the authentication mechanism designed to protect printing resources.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the security and reliability of printing infrastructure, especially in sectors where sensitive documents are handled, such as government, finance, healthcare, and critical infrastructure. Unauthorized access to printing services can lead to leakage of confidential information, unauthorized document printing or modification, and disruption of printing availability. In multi-user environments like universities, enterprises, or public institutions, attackers could exploit this flaw to bypass authentication and perform malicious actions without detection. The impact extends to potential lateral movement within networks if attackers leverage compromised printing systems as footholds. Given the widespread use of Linux and Unix-like systems in European IT environments, the vulnerability could affect a broad range of organizations, particularly those with outdated CUPS versions. The absence of known exploits reduces immediate risk but does not eliminate the threat, as attackers may develop exploits following public disclosure.
Mitigation Recommendations
European organizations should immediately verify their CUPS versions and upgrade to version 2.4.13 or later, where the authentication bypass is fixed. For environments where immediate patching is not feasible, administrators should review and restrict AuthType configurations to Basic only, if compatible with operational requirements, to avoid triggering the vulnerability. Network segmentation and access controls should be enforced to limit local network access to printing servers, reducing the attack surface. Monitoring and logging of printing service access should be enhanced to detect unusual or unauthorized activities. Additionally, organizations should implement strict user access policies and consider deploying host-based intrusion detection systems to identify exploitation attempts. Regular vulnerability scanning and configuration audits focusing on CUPS and related services are recommended to ensure compliance and early detection of vulnerable instances.
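A configuration and version check for the two mitigation steps above, as an added example that is not part of the advisory or of the CUPS project. The function names and the sample `cupsd.conf` are constructed for illustration, and the code assumes `DefaultAuthType` falls back to `Basic` when the directive is absent.

```python
import re

FIXED = (2, 4, 13)  # first fixed release named in the advisory

# Constructed sample cupsd.conf (not taken from a real host).
SAMPLE_CONF = """\
DefaultAuthType Negotiate
<Location /admin>
  AuthType Default
  Require user @SYSTEM
</Location>
<Location /admin/conf>
  AuthType Basic
  Require user @SYSTEM
</Location>
<Policy default>
  <Limit CUPS-Add-Modify-Printer>
    AuthType Negotiate   # explicit non-Basic scheme
  </Limit>
</Policy>
"""

def is_vulnerable_version(version):
    """True if an upstream version string such as '2.4.12' is older than 2.4.13."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    return nums + (0,) * (3 - len(nums)) < FIXED

def audit_authtype(conf_text):
    """Return (line_no, scope, effective_type) for every AuthType that is not Basic."""
    default, scope, seen = "Basic", [], []  # assumption: Basic when DefaultAuthType is unset
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        parts = line.split(None, 1)
        if not parts:
            continue
        key = parts[0].lower()
        if line.startswith("</"):
            if scope:
                scope.pop()
        elif line.startswith("<"):
            scope.append(line.strip("<>"))
        elif key == "defaultauthtype" and len(parts) > 1:
            default = parts[1].strip()
        elif key == "authtype" and len(parts) > 1:
            seen.append((no, " > ".join(scope) or "global", parts[1].strip()))
    # 'AuthType Default' inherits DefaultAuthType, wherever that directive appears.
    resolved = [(n, s, default if v.lower() == "default" else v) for n, s, v in seen]
    return [f for f in resolved if f[2].lower() != "basic"]
```

Distribution packages may carry the fix under an older upstream version number, so treat the version comparison as a first pass and confirm against the vendor's advisory.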
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Poland, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-08-22T14:30:32.222Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c307eebb38cc0521773a86
Added to database: 9/11/2025, 5:33:34 PM
Last enriched: 11/10/2025, 9:25:28 PM
Last updated: 12/13/2025, 7:20:46 AM