VIR Vulnerability Intelligence Relay

CVE-2025-67603

unknown
Published — · Modified —
💬 Discuss on Community ✚ Propose mitigation
CVSS v3
CVSS v4 NEW
not yet in upstream
VIR risk

Description

A Improper Authorization vulnerability in Foomuuri llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2025-67603 NameCVE-2025-67603 DescriptionA Improper Authorization vulnerability in Foomuuri llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31. SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) ReferencesDSA-6095-1…

CVE-2025-67603

NameCVE-2025-67603
DescriptionA Improper Authorization vulnerability in Foomuuri llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-6095-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
foomuuri (PTS)trixie (security), trixie0.27-2+deb13u1fixed
forky0.32-1fixed
sid0.33-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
foomuurisourcetrixie0.27-2+deb13u1DSA-6095-1
foomuurisource(unstable)0.31-1

Notes

Fixed by: https://github.com/FoobarOy/foomuuri/commit/5944a428f53a132fc343ff6792b1b7539f1c990e (v0.31)
https://www.openwall.com/lists/oss-security/2026/01/07/9

Home - Debian Security - Source (Git)

Apply commands

text fix
Notes
Fixed by: https://github.com/FoobarOy/foomuuri/commit/5944a428f53a132fc343ff6792b1b7539f1c990e (v0.31)https://www.openwall.com/lists/oss-security/2026/01/07/9

OS impact
debian Debian Fixed 3 releases
VersionStatusFixed in
trixie Fixed 0.27-2+deb13u1
sid Fixed 0.31-1
forky Fixed 0.31-1

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.