CVE-2025-58364: CWE-20: Improper Input Validation in OpenPrinting cups

Severity: Medium
Tags: Vulnerability, CVE-2025-58364, cve, cve-2025-58364, cwe-20, cwe-476
Published: Thu Sep 11 2025 (09/11/2025, 17:26:25 UTC)
Source: CVE Database V5
Vendor/Project: OpenPrinting
Product: cups

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, unsafe deserialization and validation of printer attributes causes a null dereference in the libcups library. This is a remote DoS vulnerability that is reachable from the local subnet in default configurations. It can cause cups and cups-browsed to crash on all machines in the local network that are listening for printers (so, by default, on all regular Linux machines). On systems where CVE-2024-47176 (a cups-filters 1.x/cups-browsed 2.x vulnerability) has not been fixed, the firewall on the machine does not reject incoming communication to the IPP port, and the machine is reachable from the public internet, the attack vector "Network" is possible. The current versions of the CUPS and cups-browsed projects have the attack vector "Adjacent" in their default configurations. Version 2.4.13 contains a patch for CVE-2025-58364.

AI-Powered Analysis

Last updated: 11/10/2025, 21:25:51 UTC

Technical Analysis

CVE-2025-58364 affects OpenPrinting CUPS, an open-source printing system widely used on Linux and Unix-like operating systems. The vulnerability is due to improper input validation (CWE-20) and unsafe deserialization of printer attributes, which leads to a null pointer dereference (CWE-476) in the libcups library. This flaw can be triggered remotely within the local subnet by sending crafted printer attribute data, causing cups and cups-browsed daemons to crash and resulting in denial of service. The default configuration of CUPS allows machines on the local network to listen for printer broadcasts, making all such machines susceptible. If systems have not patched the related CVE-2024-47176 vulnerability and have exposed IPP ports to the public internet without firewall restrictions, remote exploitation beyond the local subnet is possible. The vulnerability has a CVSS v3.1 base score of 6.5, indicating medium severity, with an attack vector of adjacent network, low attack complexity, no privileges or user interaction required, and impact limited to availability. The issue was fixed in version 2.4.13 of CUPS. No known exploits have been observed in the wild, but the vulnerability poses a risk of network-wide printing service disruption in affected environments.

Potential Impact

For European organizations, this vulnerability primarily threatens the availability of printing services across local networks. Organizations with extensive Linux or Unix-like infrastructure that rely on networked printers using vulnerable CUPS versions may experience widespread service outages if exploited. This can disrupt business operations, especially in sectors like government, education, healthcare, and manufacturing where printing remains critical. The risk escalates if legacy systems remain unpatched or if firewall configurations allow exposure of IPP ports to untrusted networks. Although confidentiality and integrity are not impacted, denial of service can lead to operational delays and increased support costs. The potential for network-wide impact within local subnets means that large enterprises or institutions with many interconnected devices are particularly vulnerable. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits given the public disclosure.

Mitigation Recommendations

European organizations should promptly upgrade all CUPS installations to version 2.4.13 or later to apply the patch for CVE-2025-58364. Network administrators must audit firewall rules to ensure that IPP ports (typically TCP 631) are not exposed to untrusted networks, especially the public internet. Systems should be segmented to limit printer broadcast traffic to trusted subnets only. Additionally, organizations should verify that related vulnerabilities such as CVE-2024-47176 are also remediated to reduce the risk of remote exploitation. Monitoring network traffic for unusual or malformed IPP requests can help detect exploitation attempts. Employing intrusion detection/prevention systems with signatures for malformed CUPS traffic may provide early warning. Regular vulnerability scanning and asset inventory updates will help identify outdated CUPS versions. Finally, educating IT staff about the importance of patch management and network segmentation in printing infrastructure will reduce exposure.
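
The version and port checks recommended above, as an added shell example that is not code from OpenPrinting or from this advisory: it flags upstream CUPS versions older than 2.4.13 and non-loopback listeners on port 631 in `ss -H -lntu` output. The function names and the sample socket list are constructed for illustration, and the version check assumes plain upstream x.y.z strings.

```shell
#!/bin/sh
# Added example: host-side triage for CVE-2025-58364 (not vendor code).
FIXED_VERSION="2.4.13"   # first release with the patch, per the advisory

# Exit 0 if upstream CUPS version $1 is older than FIXED_VERSION, 1 otherwise.
# Assumption: plain upstream x.y.z strings. Distro packages can carry a
# backported fix under an older version number, so confirm a hit against
# the vendor's own advisory before acting on it.
cups_version_is_vulnerable() {
    [ -n "$1" ] || return 2
    printf '%s %s\n' "$1" "$FIXED_VERSION" | awk '{
        split($1, have, "."); split($2, fixed, ".")
        for (i = 1; i <= 3; i++) {
            h = have[i] + 0; f = fixed[i] + 0
            if (h < f) exit 0    # older than the fixed release
            if (h > f) exit 1    # newer than the fixed release
        }
        exit 1                   # exactly the fixed release
    }'
}

# Read `ss -H -lntu` lines on stdin; print every socket on port 631 that is
# bound to something other than loopback (field 5 is Local Address:Port).
exposed_ipp_listeners() {
    awk '{
        n = split($5, part, ":"); port = part[n]
        if (port != "631") next
        addr = substr($5, 1, length($5) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next
        print $1, $5
    }'
}

# Constructed sample of `ss -H -lntu` output (not captured from a real host).
SAMPLE_SS='udp   UNCONN 0      0            0.0.0.0:631       0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      128            [::1]:631          [::]:*
tcp   LISTEN 0      4096         0.0.0.0:22        0.0.0.0:*'

# On a live host: cups_version_is_vulnerable "$(cups-config --version)"
#                 ss -H -lntu | exposed_ipp_listeners
for v in 2.4.12 2.4.13; do
    if cups_version_is_vulnerable "$v"; then echo "CUPS $v: upgrade needed"
    else echo "CUPS $v: at or above $FIXED_VERSION"; fi
done
printf '%s\n' "$SAMPLE_SS" | exposed_ipp_listeners
```

A listener reported here is only a candidate for review: whether it is reachable from untrusted networks still depends on the host and perimeter firewall rules.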

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-08-29T16:19:59.011Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68c307eebb38cc0521773a82

Added to database: 9/11/2025, 5:33:34 PM

Last enriched: 11/10/2025, 9:25:51 PM

Last updated: 12/14/2025, 7:19:22 PM
