{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-67603", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "state": "PUBLISHED", "assignerShortName": "suse", "dateReserved": "2025-12-09T14:05:21.453Z", "datePublished": "2026-01-08T15:04:43.116Z", "dateUpdated": "2026-01-08T15:41:26.526Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Foomuuri", "product": "Foomuuri", "vendor": "https://github.com/FoobarOy/", "versions": [{"lessThan": "0.31", "status": "affected", "version": "?", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Matthias Gerstner of SUSE"}], "datePublic": "2026-01-07T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Improper Authorization vulnerability in Foomuuri&nbsp;llows arbitrary users to influence the firewall configuration.<p>This issue affects Foomuuri: from ? before 0.31.</p>"}], "value": "A Improper Authorization vulnerability in Foomuuri\u00a0llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 5.1, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-01-08T15:05:25.193Z"}, "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67603"}, {"url": "https://security.opensuse.org/2026/01/07/foomuuri-lack-of-dbus-authorization.html"}], "source": {"discovery": "INTERNAL"}, "title": "Lack of client authorization allows arbitrary users to influence the firewall configuration", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-08T15:41:06.686787Z", "id": "CVE-2025-67603", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T15:41:26.526Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-67603", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-08T15:41:06.686787Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T15:41:16.632Z"}}], "cna": {"title": "Lack of client authorization allows arbitrary users to influence the firewall configuration", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Matthias Gerstner of SUSE"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "https://github.com/FoobarOy/", "product": "Foomuuri", "versions": [{"status": "affected", "version": "?", "lessThan": "0.31", "versionType": "semver"}], "packageName": "Foomuuri", "defaultStatus": "unaffected"}], "datePublic": "2026-01-07T11:00:00.000Z", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67603"}, {"url": "https://security.opensuse.org/2026/01/07/foomuuri-lack-of-dbus-authorization.html"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A Improper Authorization vulnerability in Foomuuri\u00a0llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31.", "supportingMedia": [{"type": "text/html", "value": "A Improper Authorization vulnerability in Foomuuri&nbsp;llows arbitrary users to influence the firewall configuration.<p>This issue affects Foomuuri: from ? before 0.31.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285: Improper Authorization"}]}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-01-08T15:05:25.193Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67603", "state": "PUBLISHED", "dateUpdated": "2026-01-08T15:41:26.526Z", "dateReserved": "2025-12-09T14:05:21.453Z", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "datePublished": "2026-01-08T15:04:43.116Z", "assignerShortName": "suse"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Improper Authorization vulnerability in Foomuuri\u00a0llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31."}], "id": "CVE-2025-67603", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "meissner@suse.de", "type": "Secondary"}]}, "published": "2026-01-08T15:15:43.867", "references": [{"source": "meissner@suse.de", "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67603"}, {"source": "meissner@suse.de", "url": "https://security.opensuse.org/2026/01/07/foomuuri-lack-of-dbus-authorization.html"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "meissner@suse.de", "type": "Primary"}]}

{"bugzilla": {"description": "Foomuuri: Foomuuri: Unauthorized firewall configuration changes due to improper authorization", "id": "2428017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428017"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-285", "details": ["A flaw was found in Foomuuri, an application that manages firewall configurations. This Improper Authorization vulnerability allows any user to make unauthorized changes to the system's firewall settings. This could lead to a compromise of network security by allowing or blocking unintended network traffic."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2025-67603", "public_date": "2026-01-08T15:04:43Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-67603\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-67603\nhttps://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67603\nhttps://security.opensuse.org/2026/01/07/foomuuri-lack-of-dbus-authorization.html"], "statement": "This vulnerability is rated Important for Red Hat because Foomuuri, an application managing firewall configurations, contains an improper authorization flaw. This allows any local user to make unauthorized changes to the system's firewall settings, potentially compromising network security. This affects Red Hat Community Projects including EPEL and Fedora.", "threat_severity": "Moderate"}

{}