Red Hat Product Security released an advisory (RHSA-2025:15701) for two vulnerabilities in CUPS on Red Hat Enterprise Linux 10. CVE-2025-58364 is a null pointer dereference in the ipp_read_io() function that can cause a remote denial of service. CVE-2025-58060 is an authentication bypass vulnerability in CUPS authorization handling, allowing unauthorized access. These vulnerabilities impact the printing system across multiple CPU architectures supported by Red Hat Enterprise Linux 10. The advisory provides updated packages to fix these issues. Red Hat classifies the security impact as important and recommends applying the update after ensuring all previous errata are installed. The advisory does not provide a CVSS score but references the CVE pages for more details. No exploits are known to be active in the wild at this time.

The null pointer dereference vulnerability (CVE-2025-58364) can cause a remote denial of service, potentially disrupting printing services. The authentication bypass vulnerability (CVE-2025-58060) could allow unauthorized users to bypass CUPS authorization controls, potentially leading to unauthorized access to printing functions or data. Both vulnerabilities affect Red Hat Enterprise Linux 10 and its variants across multiple architectures. No known exploits in the wild have been reported, but the issues are rated as high severity by Red Hat.

Red Hat has released updated CUPS packages that address these vulnerabilities. Users should apply the security update RHSA-2025:15701 for Red Hat Enterprise Linux 10 as soon as possible. Before applying the update, ensure all previously released errata relevant to the system have been applied. Follow Red Hat's official guidance at https://access.redhat.com/articles/11258 for update procedures. No additional mitigations are specified by Red Hat beyond applying the provided patches.