EXECUTIVE SUMMARY:
- CVE-2025-67603:
Foomuuri, an nftables-based firewall management utility, contains an authorization flaw in its D-Bus service in versions prior to 0.31. The service does not check the calling client's authorization before handling privileged D-Bus method calls, so any local user can invoke firewall management actions without administrative privileges and add, modify, or remove firewall rules that should be restricted to trusted users. The flaw undermines the least-privilege boundary the firewall service is meant to enforce. Although exploitation requires local access, the impact on system security is significant. The issue is tracked as CVE-2025-67603 and is rated CVSS 5.1 (Medium); successful exploitation can lead to unauthorized manipulation of network traffic policies.
- CVE-2025-67858:
A second vulnerability in Foomuuri, also affecting versions prior to 0.31, stems from improper input validation. The flaw occurs when the application processes network interface identifiers supplied through its D-Bus interface: by supplying a crafted interface name, a local attacker can inject unexpected data into the nftables JSON configuration that Foomuuri generates. This can corrupt firewall rules and weaken or disable the intended network protections, allowing firewall behavior to be manipulated beyond normal configuration boundaries. Because of the potential for significant firewall misconfiguration, the impact is considered high. The vulnerability is tracked as CVE-2025-67858 with a CVSS score of 7.0 (High). Exploitation could result in unauthorized traffic exposure or firewall bypass.
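The defensive pattern that closes the CVE-2025-67858 class of bug is to validate interface names against the kernel's own constraints and to serialize the nftables command with a JSON encoder instead of string formatting. The following is an added illustration, not Foomuuri's code; the allow-list regex, the rule layout and the test names are constructed for this example.

```python
import json
import re

# Linux interface names are at most IFNAMSIZ-1 = 15 bytes, non-empty, not "."
# or "..", and may not contain '/', ':' or whitespace. This allow-list is a
# constructed, stricter rule for the example, not Foomuuri's own check.
IFNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,15}$")


def is_valid_ifname(name: str) -> bool:
    """Return True only if `name` is a plausible Linux interface name."""
    if name in (".", ".."):
        return False
    return bool(IFNAME_RE.fullmatch(name))


def build_nft_rule(ifname: str, chain: str = "input") -> str:
    """Build an nftables JSON 'add rule' command matching on input interface.

    The name is validated first, and the whole command is serialized with
    json.dumps rather than string formatting, so an untrusted string can
    only ever appear as a quoted value and never reshape the document.
    """
    if not is_valid_ifname(ifname):
        raise ValueError(f"rejected interface name: {ifname!r}")
    command = {
        "nftables": [
            {"add": {"rule": {
                "family": "inet",
                "table": "filter",
                "chain": chain,
                "expr": [
                    {"match": {"op": "==",
                               "left": {"meta": {"key": "iifname"}},
                               "right": ifname}},
                    {"accept": None},
                ],
            }}}
        ]
    }
    return json.dumps(command)


if __name__ == "__main__":
    print(build_nft_rule("eth0"))
    # Constructed hostile inputs: each must be rejected before reaching nft.
    for bad in ('eth0", "x', "a b", "eth0/x", "x" * 16, ".."):
        print(repr(bad), "->", is_valid_ifname(bad))
```

The serialized command can be handed to `nft -j -f -` on stdin; a rejected name raises before any JSON is produced.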
RECOMMENDATION: