CVE-2025-67858 is a vulnerability classified under CWE-88, indicating improper neutralization of argument delimiters. It affects the Foomuuri firewall management tool, specifically versions before 0.31. The vulnerability arises when Foomuuri processes JSON configuration data passed to the nft utility without properly sanitizing or neutralizing argument delimiters. This improper handling allows an attacker to inject or manipulate arguments within the JSON configuration, potentially altering firewall rules or causing integrity loss of the firewall configuration. Since nft is a critical Linux firewall utility, any unauthorized changes can lead to bypassing security controls, opening network ports, or disrupting firewall policies. The vulnerability does not require authentication, user interaction, or elevated privileges, but local access is necessary (AV:L). The CVSS 4.0 vector indicates low attack complexity and no privileges required, but local access limits remote exploitation. The impact on confidentiality is low, but integrity is high, and availability impact is low. No patches or known exploits are currently available, increasing the urgency for monitoring and mitigation. The vulnerability is particularly relevant for environments using Foomuuri to manage nft firewall configurations, common in Linux-based systems.

For European organizations, this vulnerability poses a significant risk to network security integrity. If exploited, attackers could manipulate firewall configurations, potentially allowing unauthorized network access, bypassing security controls, or disrupting firewall operations. This could lead to exposure of sensitive data, lateral movement within networks, or denial of service conditions. Critical infrastructure sectors such as energy, finance, and government that rely on Linux-based firewalls managed by Foomuuri are especially vulnerable. The integrity loss of firewall configurations undermines trust in perimeter defenses and could facilitate further attacks. Since exploitation requires local access, insider threats or compromised hosts are primary concerns. The lack of known exploits currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits once the vulnerability is public. European organizations must assess their use of Foomuuri and nft-based firewalls to understand exposure and prioritize remediation.

1. Upgrade Foomuuri to version 0.31 or later once available, as this version addresses the vulnerability. 2. Until patches are available, restrict local access to systems running Foomuuri to trusted administrators only. 3. Implement strict access controls and monitoring on hosts managing firewall configurations to detect unauthorized changes. 4. Use file integrity monitoring tools to alert on unexpected modifications to firewall configuration files. 5. Employ network segmentation to limit the impact of compromised hosts with local access. 6. Review and harden nft firewall rules to minimize potential damage from configuration tampering. 7. Conduct regular audits of firewall configurations and logs to identify anomalies. 8. Educate system administrators about the risks of improper configuration handling and the importance of timely updates. 9. Monitor threat intelligence sources for any emerging exploits targeting this vulnerability. These steps go beyond generic advice by focusing on local access restriction, configuration integrity monitoring, and operational controls specific to Foomuuri and nft environments.