Description
A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`.
This issue affects Foomuuri: from ? before 0.31.
Published: 2026-01-08
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6095-1 foomuuri security update
Ubuntu USN Ubuntu USN USN-8326-1 Foomuuri vulnerabilities
History

Fri, 09 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important


Thu, 08 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 08 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
Description A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`. This issue affects Foomuuri: from ? before 0.31.
Title A crafted "interface" input parameter can lead to integrity loss of the firewall configuration
Weaknesses CWE-88
References
Metrics cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: suse

Published:

Updated: 2026-01-08T15:39:49.947Z

Reserved: 2025-12-12T14:23:59.780Z

Link: CVE-2025-67858

cve-icon Vulnrichment

Updated: 2026-01-08T15:39:42.168Z

cve-icon NVD

Status : Deferred

Published: 2026-01-08T16:15:47.003

Modified: 2026-06-17T09:58:11.890

Link: CVE-2025-67858

cve-icon Redhat

Severity : Important

Publid Date: 2026-01-08T15:23:46Z

Links: CVE-2025-67858 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-88

    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')