DEBIAN-CVE-2025-67858

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-67858

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-67858.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-67858

Upstream

CVE-2025-67858

Downstream

DSA-6095-1

Published

2026-01-08T16:15:47.003Z

Modified

2026-01-10T04:18:37.228854Z

Severity

7.0 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to nft. This issue affects Foomuuri: from ? before 0.31.

References

https://security-tracker.debian.org/tracker/CVE-2025-67858

Affected packages

Debian:13 / foomuuri

Package

Name: foomuuri
Purl: pkg:deb/debian/foomuuri?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.27-2+deb13u1

Affected versions

0.*

0.27-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-67858.json"

Debian:14 / foomuuri

Package

Name: foomuuri
Purl: pkg:deb/debian/foomuuri?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.31-1

Affected versions

0.*

0.27-2

0.28-1~bpo13+1

0.28-1

0.29-1~bpo13+1

0.29-1

0.30-1~bpo13+1

0.30-1

0.31-1~bpo13+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-67858.json"