CVE-2025-67858

Опубликовано: 08 янв. 2026

Источник: redhat

CVSS3: 7.8

Описание

A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to nft. This issue affects Foomuuri: from ? before 0.31.

A flaw was found in Foomuuri. A local user can exploit this vulnerability by manipulating the JSON configuration passed to nft. This improper neutralization of argument delimiters can lead to the integrity loss of the firewall configuration or other unspecified impacts.

Отчет

This vulnerability is rated Important for Red Hat's Community Projects because a local user can exploit an improper neutralization of argument delimiters in Foomuuri. This flaw allows manipulation of the JSON configuration passed to nft, leading to integrity loss of the firewall configuration. This could result in unauthorized network access or other unspecified impacts on affected systems running Foomuuri.

Меры по смягчению последствий

To mitigate this vulnerability, if the Foomuuri package is not essential for system operation, consider removing it. For systems where Foomuuri is required, ensure that only trusted administrators have local access, as exploitation requires local interaction to manipulate firewall configurations.

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-88

https://bugzilla.redhat.com/show_bug.cgi?id=2428023Foomuuri: Foomuuri: Integrity loss of firewall configuration via improper neutralization of argument delimiters

7.8 High

CVSS3