CVE-2025-67858

EUVD-2026-1509
A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`.
This issue affects Foomuuri: from ? before 0.31.
Argument Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Debian logo
Debian Releases
Debian Product
Codename
foomuuri
forky
0.31-1
fixed
sid
0.31-1
fixed
trixie
vulnerable
trixie (security)
0.27-2+deb13u1
fixed
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67858
https://security.opensuse.org/2026/01/07/foomuuri-lack-of-dbus-authorization.html