CVE-2025-67858

NameCVE-2025-67858
DescriptionA Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`. This issue affects Foomuuri: from ? before 0.31.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-6095-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
foomuuri (PTS)trixie0.27-2vulnerable
trixie (security)0.27-2+deb13u1fixed
forky, sid0.31-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
foomuurisourcetrixie0.27-2+deb13u1DSA-6095-1
foomuurisource(unstable)0.31-1

Notes

Fixed by: https://github.com/FoobarOy/foomuuri/commit/d1961f420600d133e5f1d3125deb17445e7745ac (v0.31)
https://www.openwall.com/lists/oss-security/2026/01/07/9
Search for package or bug name: Reporting problems