CVE-2025-58364: CWE-20: Improper Input Validation in OpenPrinting cups
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On systems where the vulnerability CVE-2024-47176 (cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, and the firewall on the machine does not reject incoming communication to IPP port, and the machine is set to be available to public internet, attack vector "Network" is possible. The current versions of CUPS and cups-browsed projects have the attack vector "Adjacent" in their default configurations. Version 2.4.13 contains a patch for CVE-2025-58364.
AI Analysis
Technical Summary
CVE-2025-58364 is a medium severity vulnerability affecting OpenPrinting's CUPS (Common UNIX Printing System) versions prior to 2.4.13. The flaw arises from improper input validation and unsafe deserialization of printer attributes within the libcups library, leading to a null pointer dereference (CWE-476) and ultimately causing a denial of service (DoS) condition. This vulnerability can be triggered remotely within a local subnet due to default configurations where machines listen for printer broadcasts. When exploited, it causes the cups and cups-browsed services to crash on all affected machines in the local network, disrupting printing services. The vulnerability is exacerbated on systems that have not patched a related issue (CVE-2024-47176) and where firewalls do not block incoming IPP (Internet Printing Protocol) port traffic, potentially allowing network-based exploitation from outside the local subnet if the machine is exposed to the public internet. The attack vector is primarily adjacent network (AV:A), requiring no privileges or user interaction, and impacts availability without affecting confidentiality or integrity. The patched version 2.4.13 addresses this issue. No known exploits are currently reported in the wild.
Potential Impact
For European organizations, this vulnerability poses a significant risk to operational continuity, especially in environments heavily reliant on Linux or Unix-like systems with default CUPS configurations. The denial of service can disrupt printing infrastructure across local networks, affecting business processes that depend on printing services such as document handling, invoicing, and administrative workflows. In critical sectors like healthcare, finance, and government, such disruptions could delay essential operations. Additionally, if systems remain unpatched and exposed to the internet without proper firewall restrictions, attackers could remotely trigger DoS attacks, expanding the threat beyond local networks. While the vulnerability does not compromise data confidentiality or integrity, the availability impact can lead to productivity losses and potential reputational damage. The lack of required privileges or user interaction lowers the barrier for exploitation within local networks, increasing the likelihood of attack in poorly secured environments.
Mitigation Recommendations
European organizations should prioritize upgrading CUPS installations to version 2.4.13 or later to apply the official patch addressing CVE-2025-58364. Network administrators must audit firewall configurations to ensure that IPP ports (typically TCP 631) are blocked from untrusted networks, especially the public internet, to prevent remote exploitation. Disabling or restricting cups-browsed and printer discovery services on machines where printing is not required can reduce the attack surface. Implementing network segmentation to isolate printing services from general user networks can limit the impact of potential attacks. Monitoring logs for unusual crashes or service restarts related to cups or cups-browsed can help detect exploitation attempts. Additionally, organizations should verify that related vulnerabilities such as CVE-2024-47176 are also mitigated to avoid compounded risks. Regular vulnerability scanning and patch management processes should include CUPS and associated printing components to maintain security posture.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Austria
CVE-2025-58364: CWE-20: Improper Input Validation in OpenPrinting cups
Description
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On systems where the vulnerability CVE-2024-47176 (cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, and the firewall on the machine does not reject incoming communication to IPP port, and the machine is set to be available to public internet, attack vector "Network" is possible. The current versions of CUPS and cups-browsed projects have the attack vector "Adjacent" in their default configurations. Version 2.4.13 contains a patch for CVE-2025-58364.
AI-Powered Analysis
Technical Analysis
CVE-2025-58364 is a medium severity vulnerability affecting OpenPrinting's CUPS (Common UNIX Printing System) versions prior to 2.4.13. The flaw arises from improper input validation and unsafe deserialization of printer attributes within the libcups library, leading to a null pointer dereference (CWE-476) and ultimately causing a denial of service (DoS) condition. This vulnerability can be triggered remotely within a local subnet due to default configurations where machines listen for printer broadcasts. When exploited, it causes the cups and cups-browsed services to crash on all affected machines in the local network, disrupting printing services. The vulnerability is exacerbated on systems that have not patched a related issue (CVE-2024-47176) and where firewalls do not block incoming IPP (Internet Printing Protocol) port traffic, potentially allowing network-based exploitation from outside the local subnet if the machine is exposed to the public internet. The attack vector is primarily adjacent network (AV:A), requiring no privileges or user interaction, and impacts availability without affecting confidentiality or integrity. The patched version 2.4.13 addresses this issue. No known exploits are currently reported in the wild.
Potential Impact
For European organizations, this vulnerability poses a significant risk to operational continuity, especially in environments heavily reliant on Linux or Unix-like systems with default CUPS configurations. The denial of service can disrupt printing infrastructure across local networks, affecting business processes that depend on printing services such as document handling, invoicing, and administrative workflows. In critical sectors like healthcare, finance, and government, such disruptions could delay essential operations. Additionally, if systems remain unpatched and exposed to the internet without proper firewall restrictions, attackers could remotely trigger DoS attacks, expanding the threat beyond local networks. While the vulnerability does not compromise data confidentiality or integrity, the availability impact can lead to productivity losses and potential reputational damage. The lack of required privileges or user interaction lowers the barrier for exploitation within local networks, increasing the likelihood of attack in poorly secured environments.
Mitigation Recommendations
European organizations should prioritize upgrading CUPS installations to version 2.4.13 or later to apply the official patch addressing CVE-2025-58364. Network administrators must audit firewall configurations to ensure that IPP ports (typically TCP 631) are blocked from untrusted networks, especially the public internet, to prevent remote exploitation. Disabling or restricting cups-browsed and printer discovery services on machines where printing is not required can reduce the attack surface. Implementing network segmentation to isolate printing services from general user networks can limit the impact of potential attacks. Monitoring logs for unusual crashes or service restarts related to cups or cups-browsed can help detect exploitation attempts. Additionally, organizations should verify that related vulnerabilities such as CVE-2024-47176 are also mitigated to avoid compounded risks. Regular vulnerability scanning and patch management processes should include CUPS and associated printing components to maintain security posture.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-08-29T16:19:59.011Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 68c307eebb38cc0521773a82
Added to database: 9/11/2025, 5:33:34 PM
Last enriched: 9/11/2025, 5:34:02 PM
Last updated: 9/11/2025, 5:45:27 PM
Views: 2
Related Threats
CVE-2025-9319: CWE-494: Download of Code Without Integrity Check in Lenovo Wallpaper Client
HighCVE-2025-9214: CWE-306: Missing Authentication for Critical Function in Lenovo LJ2206W Printer
MediumCVE-2025-9201: CWE-427: Uncontrolled Search Path Element in Lenovo Browser
HighCVE-2025-8557: CWE-420: Unprotected Alternate Channel in Lenovo XClarity Orchestrator (LXCO)
HighCVE-2025-8061: CWE-782: Exposed IOCTL with Insufficient Access Control in Lenovo Dispatcher 3.0 Driver
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.