Bug#1128475: openfoam: CVE-2025-61982
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 20 07:54:49 GMT 2026
Source: openfoam
Version: 1912.200626-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for openfoam.
CVE-2025-61982[0]:
| An arbitrary code execution vulnerability exists in the Code Stream
| directive functionality of OpenCFD OpenFOAM 2506. A specially
| crafted OpenFOAM simulation file can lead to arbitrary code
| execution. An attacker can provide a malicious file to trigger this
| vulnerability.
Reading the TALOS report in [1], I'm not sure if there can be done
anything other than documenting the value more prominently, but maybe
you can check with upstream on their plans?
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-61982
https://www.cve.org/CVERecord?id=CVE-2025-61982
[1] https://talosintelligence.com/vulnerability_reports/TALOS-2025-2292
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the debian-science-maintainers
mailing list