AZL-71152

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71152.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-71152

Upstream

CVE-2025-61915

Published

2025-11-29T03:15:59Z

Modified

2026-04-01T05:22:01.586082Z

Summary

CVE-2025-61915 affecting package cups for versions less than 2.3.3op2-11

Details

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-61915

Affected packages

Azure Linux:2 / cups

Package

Name: cups
Purl: pkg:rpm/azure-linux/cups

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.3op2-11

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71152.json"