CVE-2025-67603 - Vulnerability Details

A Improper Authorization vulnerability in Foomuuri llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67603
https://nvd.nist.gov/vuln/detail/CVE-2025-67603
https://security.opensuse.org/2026/01/07/foomuuri-lack-of-dbus-authorization.html
https://www.cve.org/CVERecord?id=CVE-2025-67603

History

Fri, 09 Jan 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-67603 https://www.cve.org/CVERecord?id=CVE-2025-67603
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H'}` threat_severity `Moderate`

Thu, 08 Jan 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 08 Jan 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		A Improper Authorization vulnerability in Foomuuri llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31.
Title		Lack of client authorization allows arbitrary users to influence the firewall configuration
Weaknesses		CWE-285
References		https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67603 https://security.opensuse.org/2026/01/07/foomuuri-lack-of-dbus-authorization.html
Metrics		cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: suse

Published: 2026-01-08T15:04:43.116Z

Updated: 2026-01-08T15:41:26.526Z

Reserved: 2025-12-09T14:05:21.453Z

Link: CVE-2025-67603

Vulnrichment

Updated: 2026-01-08T15:41:16.632Z

NVD

Status : Awaiting Analysis

Published: 2026-01-08T15:15:43.867

Modified: 2026-01-08T18:08:18.457

Link: CVE-2025-67603

Redhat

Severity : Moderate

Publid Date: 2026-01-08T15:04:43Z

Links: CVE-2025-67603 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object