Foomuuri firewall has critical vulnerabilities
TL;DR: Two vulnerabilities have been discovered in the Foomuuri firewall tool. The flaws allow a local, unprivileged attacker to bypass security measures and manipulate firewall configurations. The issues stem from improper authorization and validation within Foomuuri's D-Bus service, creating a significant privilege escalation risk.
Key facts
- Category
- Cybersecurity
- Impact
- High
- Published
- Source
- Ubuntu Security Notices
Full summary
Vulnerabilities in the Foomuuri firewall tool allow local attackers to bypass security and manipulate rules, creating a privilege escalation risk.
Security researchers have identified two significant vulnerabilities in Foomuuri, a firewall management tool. The flaws reside in the tool's D-Bus service, a system for inter-process communication. The first vulnerability (CVE-2025-67603) involves improper authorization enforcement, allowing an attacker to send commands without the required permissions. The second issue stems from the D-Bus service failing to properly validate interface names. Combined, these weaknesses permit a local attacker with low-level access to manipulate the system's firewall configuration, a task that should be restricted to privileged users.
The primary impact of these vulnerabilities is local privilege escalation. An unprivileged user on a system running Foomuuri could exploit these flaws to gain control over the firewall. This would allow them to open or close ports, redirect traffic, or disable security protections entirely, potentially exposing sensitive services or creating a pathway for further attacks. This poses a serious risk for any organization using Foomuuri, especially in shared environments like development servers or multi-tenant systems. IT administrators and security teams must address these issues to prevent unauthorized modification of their network security posture.
Why it matters
The vulnerabilities allow a low-privilege local user to gain control over a system's firewall, a critical security component. This can lead to unauthorized network access, data exposure, and further system compromise, undermining the integrity of the server's defenses.
Business impact
A compromised firewall can expose internal services to the internet, lead to data breaches, and disrupt operations. For businesses relying on Foomuuri for server security, this vulnerability increases the risk of a successful cyberattack originating from a compromised low-level account, potentially leading to significant financial and reputational damage.
⚡ Action needed
Users of the Foomuuri firewall tool should update to a patched version as soon as possible to mitigate the risk of local privilege escalation.
Action checklist
- 1Identify all systems running the Foomuuri firewall tool.
- 2Check the installed version against the patched versions mentioned in the security advisory.
- 3Apply the necessary updates or patches provided by your distribution.
- 4Verify that the D-Bus service policies for Foomuuri are correctly enforced post-update.
- 5Review system logs for any signs of unauthorized firewall manipulation.
Tags
Related on Notifire
Related stories
Primary source: Ubuntu Security Notices