{
  "threat_severity" : "Moderate",
  "public_date" : "2026-01-08T15:04:43Z",
  "bugzilla" : {
    "description" : "Foomuuri: Foomuuri: Unauthorized firewall configuration changes due to improper authorization",
    "id" : "2428017",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2428017"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-285",
  "details" : [ "A Improper Authorization vulnerability in Foomuuri llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31.", "A flaw was found in Foomuuri, an application that manages firewall configurations. This Improper Authorization vulnerability allows any user to make unauthorized changes to the system's firewall settings. This could lead to a compromise of network security by allowing or blocking unintended network traffic." ],
  "statement" : "This vulnerability is rated Important for Red Hat because Foomuuri, an application managing firewall configurations, contains an improper authorization flaw. This allows any local user to make unauthorized changes to the system's firewall settings, potentially compromising network security. This affects Red Hat Community Projects including EPEL and Fedora.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-67603\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-67603\nhttps://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67603\nhttps://security.opensuse.org/2026/01/07/foomuuri-lack-of-dbus-authorization.html" ],
  "name" : "CVE-2025-67603",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}