CVE-2025-58436

5.1 MEDIUM

📋 TL;DR

CVE-2025-58436 is a denial-of-service vulnerability in OpenPrinting CUPS where an attacker can send slow messages to the cupsd service, causing it to become unresponsive to legitimate clients. This affects all systems running CUPS versions prior to 2.4.15. The vulnerability allows resource exhaustion through slow message transmission.

💻 Affected Systems

Products:
  • OpenPrinting CUPS
Versions: All versions prior to 2.4.15
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any system with CUPS enabled and reachable over the network is exposed. Installations intended to be local-only are also exposed if cupsd is configured to listen on a network interface rather than only on localhost.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of printing services across the entire system, potentially affecting all users and applications that rely on CUPS for printing functionality.

🟠

Likely Case

Temporary disruption of printing services for legitimate users while the slow message attack is ongoing, with service restoration after the attack stops.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring; printing services remain available to internal users while external attacks are blocked.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to CUPS service but no authentication. The attack technique is simple but requires sustained connection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.15

Vendor Advisory: https://github.com/OpenPrinting/cups/security/advisories/GHSA-8wpw-vfgm-qrrr

Restart Required: Yes

Instructions:

1. Back up the current CUPS configuration.
2. Update CUPS to version 2.4.15 using your distribution's package manager.
3. Restart the cupsd service.
4. Verify that the update was successful.

🔧 Temporary Workarounds

Network Access Restriction

Restrict network access to the CUPS service to trusted networks only. The rules below allow one trusted subnet and drop everything else; 192.0.2.0/24 is a placeholder that must be replaced with your own printing subnet. Use either the ufw pair or the iptables pair, not both (ufw is a front end to iptables), and add the allow rule before the deny rule so it is matched first.

sudo ufw allow from 192.0.2.0/24 to any port 631 proto tcp
sudo ufw deny 631/tcp
sudo iptables -A INPUT -p tcp --dport 631 -s 192.0.2.0/24 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 631 -j DROP

Rate Limiting

Rate-limit new connections to CUPS using network controls. The first rule accepts new connections within the limit; the second drops new connections that exceed it. Without the DROP rule the limit match restricts nothing, because excess packets simply fall through to the chain's default policy. Note that the limit match is global rather than per-source; per-source limiting requires the hashlimit match instead.

sudo iptables -A INPUT -p tcp --dport 631 -m conntrack --ctstate NEW -m limit --limit 10/min --limit-burst 20 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 631 -m conntrack --ctstate NEW -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate CUPS services from untrusted networks
  • Deploy network monitoring and intrusion detection systems to detect slow message attacks

🔍 How to Verify

Check if Vulnerable:

Check the installed CUPS version with 'cups-config --version', 'dpkg -l | grep cups' or 'rpm -q cups' and compare it against 2.4.15. Distribution packages may carry an epoch or release suffix (for example '1:2.4.10-1ubuntu2'), so compare the upstream version component.

Check Version:

cups-config --version || dpkg -l | grep cups || rpm -q cups

Verify Fix Applied:

Verify CUPS version is 2.4.15 or higher and test printing functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusually slow client connections in CUPS logs
  • Multiple failed connection attempts from single IP
  • Extended connection durations in access logs

Network Indicators:

  • Sustained low-bandwidth connections to port 631
  • Multiple TCP connections to CUPS from single source

SIEM Query:

source="cupsd" AND (connection_duration>300 OR bytes_per_second<10)
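The "multiple TCP connections to CUPS from a single source" indicator above, turned into a check a defender can run on the print server. This is an added example, not part of the advisory: it reads the socket table in the column layout of ss -Htn state established, counts established connections to port 631 per peer address, and reports peers at or above a threshold. The sample socket listing is constructed here using documentation address ranges, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the advisory: flag peers holding many simultaneous
# established connections to the CUPS port, which is how a slow-message
# denial of service against cupsd shows up on the server's socket table.
CUPS_PORT=631

# Constructed sample in the layout of
#   ss -Htn state established "( sport = :631 )"
# columns: Recv-Q Send-Q Local:Port Peer:Port. Documentation ranges, not real hosts.
SAMPLE_SS_OUTPUT='0 0 192.0.2.10:631 198.51.100.20:50122
0 0 192.0.2.10:631 203.0.113.5:40011
0 0 192.0.2.10:631 203.0.113.5:40012
0 0 192.0.2.10:631 203.0.113.5:40013
0 0 192.0.2.10:631 203.0.113.5:40014
0 0 [2001:db8::a]:631 [2001:db8::55]:33001
0 0 192.0.2.10:631 198.51.100.21:50190'

# Read ss-style lines on stdin and print "count peer" for every peer whose
# established-connection count is >= $1, highest count first.
peers_over_threshold() {
    threshold=$1
    awk -v t="$threshold" '
        # Only rows whose 4th column looks like addr:port (skips any header).
        $4 ~ /:[0-9]+$/ {
            peer = $4
            sub(/:[0-9]+$/, "", peer)   # strip the remote port
            gsub(/\[/, "", peer)        # strip IPv6 brackets
            gsub(/\]/, "", peer)
            n[peer]++
        }
        END { for (p in n) if (n[p] >= t) printf "%d %s\n", n[p], p }
    ' | sort -rn
}

# Exercise the function on the constructed sample (offline).
flag_sample_sources() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | peers_over_threshold "$1"
}

# Live use on the print server, e.g. from cron, with a threshold tuned to
# normal client behaviour (a legitimate client rarely holds many sockets open):
#   ss -Htn state established "( sport = :$CUPS_PORT )" | peers_over_threshold 10
flag_sample_sources 3
```

On the constructed sample the call prints "4 203.0.113.5", the one peer holding four concurrent connections. Pair the count with the connection age from ss -o (the timer column) to separate long-lived, low-traffic sockets from a burst of normal print jobs, and feed the flagged sources into the network-level restrictions described under Temporary Workarounds.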
