The Foomuuri firewall's D-Bus service contains two vulnerabilities (CVE-2025-67603 and CVE-2025-67858) allowing unprivileged local attackers to manipulate firewall configurations due to insufficient authorization enforcement and improper interface name validation. The vulnerabilities affect Ubuntu 25.10 and 24.04 LTS, and the fixes require updating to specific package versions, such as foomuuri version 0.27-2+deb13u1build0.25.10.1 for Ubuntu 25.10, followed by a service restart.
Ubuntu Security Notices USN-8326-1 USN-8326-1: Foomuuri vulnerabilities Publication date 27 May 2026 Overview Several security issues were fixed in Foomuuri. Releases 25.10 24.04 LTS Open side navigation Close side navigation Packages Details Update instructions References Packages foomuuri - multizone bidirectional nftables firewall Details Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly enforce authorization. An unprivileged local attacker could possibly use this issue to manipulate the firewall configuration, contrary to expectations. ( CVE-2025-67603 ) Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly validate interface names. A local attacker could possibly use this issue to manipulate the firewall configuration in unintended ways. ( CVE-2025-67858 ) Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly enforce authorization. An unprivileged local attacker could possibly use this issue to manipulate the firewall configuration, contrary to expectations. ( CVE-2025-67603 ) Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly validate interface names. A local attacker could possibly use this issue to manipulate the firewall configuration in unintended ways. ( CVE-2025-67858 ) Update instructions After a standard system update you need to restart Foomuuri to make all the necessary changes. Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions: Ubuntu Release Package Version 25.10 questing foomuuri – 0.27-2+deb13u1build0.25.10.1 foomuuri-firewalld – 0.27-2+deb13u1build0.25.10.1 24.04 LTS noble foomuuri – 0.22-1ubuntu0.1~esm1 Ubuntu Pro Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future. foomuuri-firewalld – 0.22-1ubuntu0.1~esm1 Ubuntu Pro Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future. Reduce your security exposure Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines. Get Ubuntu Pro References CVE-2025-67858 CVE-2025-67603 CVE-2025-67858 CVE-2025-67603