Source: openfoam Version: 1912.200626-3 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for openfoam. CVE-2025-61982[0]: | An arbitrary code execution vulnerability exists in the Code Stream | directive functionality of OpenCFD OpenFOAM 2506. A specially | crafted OpenFOAM simulation file can lead to arbitrary code | execution. An attacker can provide a malicious file to trigger this | vulnerability. Reading the TALOS report in [1], I'm not sure if there can be done anything other than documenting the value more prominently, but maybe you can check with upstream on their plans? If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-61982 https://www.cve.org/CVERecord?id=CVE-2025-61982 [1] https://talosintelligence.com/vulnerability_reports/TALOS-2025-2292 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
