CVE-2025-61982
Arbitrary Code Execution in OpenCFD OpenFOAM 2506 Directive
Publication date: 2026-02-18
Last updated on: 2026-02-18
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opencfd | openfoam | 2506 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-61982 is an arbitrary code execution vulnerability found in the Code Stream directive functionality of OpenCFD OpenFOAM version 2506.
OpenFOAM uses dictionary files to specify simulation settings, and these files can include a special directive called #codeStream that allows embedding arbitrary C++ code.
This embedded code is automatically compiled and executed during simulation, which can include dangerous calls such as system(), enabling an attacker to execute arbitrary code remotely by providing a specially crafted simulation file.
By default, the configuration option allowSystemOperations is set to true, allowing this automatic code execution without warning, which makes the system vulnerable.
Mitigation involves setting allowSystemOperations to false in the OpenFOAM configuration file to disable this behavior.
How can this vulnerability impact me? :
This vulnerability allows an attacker to execute arbitrary code on the system running OpenFOAM by supplying a malicious simulation file.
Successful exploitation can lead to full compromise of confidentiality, integrity, and availability of the affected system.
- Confidentiality impact: attacker can access sensitive data.
- Integrity impact: attacker can modify or corrupt data or simulation results.
- Availability impact: attacker can disrupt or disable the simulation software or the host system.
The vulnerability has a high CVSS score of 7.8, indicating a serious security risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by inspecting OpenFOAM configuration files for the presence and value of the allowSystemOperations option. Since the vulnerability arises from the automatic execution of code embedded via the #codeStream directive in dictionary files, checking whether allowSystemOperations is set to true (or absent, which defaults to true) is critical.'}, {'type': 'paragraph', 'content': 'A practical detection method is to search for the allowSystemOperations setting in OpenFOAM configuration files and verify if it is set to false. Additionally, scanning for the presence of #codeStream directives in simulation dictionary files can help identify potentially malicious or vulnerable configurations.'}, {'type': 'list_item', 'content': 'Use grep or similar commands to find the allowSystemOperations setting, for example: grep -r allowSystemOperations /path/to/OpenFOAM/'}, {'type': 'list_item', 'content': "Search for #codeStream directives in dictionary files: grep -r '#codeStream' /path/to/OpenFOAM/"}] [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to explicitly disable the automatic execution of arbitrary code by setting the allowSystemOperations option to false in the OpenFOAM configuration files.
- Edit the relevant OpenFOAM configuration file(s) and add or modify the line: allowSystemOperations 0
This setting prevents the automatic compilation and execution of embedded C++ code via the #codeStream directive, effectively mitigating the vulnerability.