CVE-2025-61915

6.0 MEDIUM

📋 TL;DR

A user in the lpadmin group can trigger an out-of-bounds write in CUPS by modifying configuration files through the web UI. Because the cupsd process runs with root privileges, this can lead to privilege escalation or full system compromise. Systems running OpenPrinting CUPS versions prior to 2.4.15 are affected.

💻 Affected Systems

Products:
  • OpenPrinting CUPS
Versions: All versions prior to 2.4.15
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user membership in lpadmin group and access to CUPS web UI. Default CUPS installations typically include lpadmin group.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via root privilege escalation leading to arbitrary code execution, data theft, or complete system takeover.

🟠 Likely Case

Privilege escalation from lpadmin group member to root, allowing unauthorized administrative access and configuration changes.

🟢 If Mitigated

Limited impact if lpadmin group membership is tightly controlled and web UI access is restricted.

🌐 Internet-Facing: MEDIUM - Requires authenticated access via the web UI, but exposing that UI to the internet widens the attack surface.
🏢 Internal Only: HIGH - Internal users with lpadmin privileges can exploit this to gain root access on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access as lpadmin group member and knowledge of specific configuration manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.15

Vendor Advisory: https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc

Restart Required: Yes

Instructions:

1. Download CUPS 2.4.15 from the official repository.
2. Stop the CUPS service: 'sudo systemctl stop cups'.
3. Install the new version using the package manager or compile from source.
4. Restart CUPS: 'sudo systemctl start cups'.
5. Verify the version with 'cups-config --version'.

🔧 Temporary Workarounds

Restrict lpadmin group membership (linux)

Remove unnecessary users from the lpadmin group to limit the attack surface.

sudo deluser <username> lpadmin

Disable CUPS web UI (linux)

Prevent access to the web interface that enables configuration changes.

sudo cupsctl --no-remote-admin
sudo systemctl restart cups

🧯 If You Can't Patch

  • Restrict lpadmin group membership to essential users only.
  • Disable CUPS web UI and use command-line tools for administration.

🔍 How to Verify

Check if Vulnerable:

Check the CUPS version with 'cups-config --version' or 'dpkg -l | grep cups' and confirm whether the installed version is below 2.4.15.

Check Version:

cups-config --version

Verify Fix Applied:

Confirm version is 2.4.15 or higher using 'cups-config --version'.
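An added audit script, not part of this advisory, that checks the two preconditions the card names (a CUPS build older than 2.4.15 and membership in lpadmin) and reports whether remote web administration is enabled. It assumes cups-config, getent and cupsctl are on PATH and that cupsctl prints a `_remote_admin=` line; the group line in the comments is constructed sample input.

```shell
#!/bin/sh
# Added audit helper for CVE-2025-61915 (not from the advisory).
FIXED_VERSION="2.4.15"   # patched release named in the advisory

# vercmp A B: prints -1, 0 or 1 as A is older than, equal to, or newer than B.
# Missing components count as 0; non-numeric suffixes ("15rc1") are ignored.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"
        ax="${ax%%[!0-9]*}"; bx="${bx%%[!0-9]*}"
        ax="${ax:-0}"; bx="${bx:-0}"
        if [ "$ax" -lt "$bx" ]; then printf '%s\n' -1; return; fi
        if [ "$ax" -gt "$bx" ]; then printf '%s\n' 1; return; fi
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    printf '%s\n' 0
}

# cups_is_vulnerable VERSION: succeeds if VERSION is older than 2.4.15.
cups_is_vulnerable() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" = "-1" ]
}

# lpadmin_members GROUP_LINE: prints each member of an /etc/group style line
# (constructed example: "lpadmin:x:113:alice,bob") on its own line.
lpadmin_members() {
    members="${1##*:}"
    [ -z "$members" ] || printf '%s\n' "$members" | tr ',' '\n'
}

# Live audit of this host using the real CUPS and libc tools.
audit_cups_host() {
    ver="$(cups-config --version 2>/dev/null)" || { echo "cups-config not found"; return 2; }
    if cups_is_vulnerable "$ver"; then
        echo "VULNERABLE: CUPS $ver is older than $FIXED_VERSION"
    else
        echo "OK: CUPS $ver is $FIXED_VERSION or newer"
    fi
    echo "lpadmin members (each can reach the vulnerable code path):"
    lpadmin_members "$(getent group lpadmin)"
    # cupsctl with no arguments prints current settings, e.g. _remote_admin=0
    cupsctl 2>/dev/null | grep -q '^_remote_admin=1' \
        && echo "WARNING: remote web administration is enabled (cupsctl --no-remote-admin disables it)"
    return 0
}
```

Run `audit_cups_host` after sourcing the script; it reports the version status, the current lpadmin membership and the remote-admin setting in one pass.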

📡 Detection & Monitoring

Log Indicators:

  • Unusual configuration file modifications in /etc/cups/
  • Failed privilege escalation attempts in system logs
  • Unexpected cupsd process behavior

Network Indicators:

  • Unusual web UI access patterns to CUPS port 631
  • Multiple configuration change requests from single user

SIEM Query:

source="cups" AND (event="config_change" OR event="privilege_escalation")

🔗 References