ISN 2025-41: CUPS Vulnerability
First published 1 October 2025
CVSS:3.1: 8.8 (High)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Summary
A security vulnerability has been found in CUPS, an open-source printing system used in IGEL OS. This affects the following product versions:
IGEL OS 12
IGEL OS 11
Details
It has been found that CUPS suffers from an authentication bypass: If the AuthType is set to anything but Basic, and the request contains an `Authorization: Basic ...` header, the password is not checked. This is tracked as CVE-2025-58060 and rated as high.
Update Instructions
OS 12: Update to the IGEL OS base system app in version 12.7.3 or newer when available from the IGEL App Portal.
OS 11: Update to IGEL OS version 11.11.100 when available.
References
CVE-2025-58060: https://nvd.nist.gov/vuln/detail/CVE-2025-58060