CVE-2025-12382 - OpenCVE

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows Path Traversal, Code Injection.This issue affects Algosec Firewall Analyzer: A33.0 (up to build 320), A33.10 (up to build 210).

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Algosec	Firewall Analyzer

No data.

No data.

References

Link	Providers
https://techdocs.algosec.com/en/cves/Content/tech-notes/cves/cve-2025-12382.htm

History

Wed, 12 Nov 2025 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Algosec Algosec firewall Analyzer
Vendors & Products		Algosec Algosec firewall Analyzer

Wed, 12 Nov 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 12 Nov 2025 09:45:00 +0000

Type	Values Removed	Values Added
Description		Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows Path Traversal, Code Injection.This issue affects Algosec Firewall Analyzer: A33.0 (up to build 320), A33.10 (up to build 210).
Title		Path Traversal Allows Remote Code Execution in AlgoSec Firewall Analyzer
Weaknesses		CWE-22
References		https://techdocs.algosec.com/en/cves/Content/tech-notes/cves/cve-2025-12382.htm
Metrics		cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/RE:L/U:Amber'}`

MITRE

Status: PUBLISHED

Assigner: AlgoSec

Published: 2025-11-12T09:37:01.568Z

Updated: 2025-11-12T14:18:02.565Z

Reserved: 2025-10-28T09:05:58.212Z

Link: CVE-2025-12382

Vulnrichment

Updated: 2025-11-12T14:17:34.765Z

NVD

Status : Awaiting Analysis

Published: 2025-11-12T10:15:43.100

Modified: 2025-11-12T16:19:12.850

Link: CVE-2025-12382

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12382", "assignerOrgId": "ca5f073f-8266-4d43-b3e3-6eb0bb18a738", "state": "PUBLISHED", "assignerShortName": "AlgoSec", "dateReserved": "2025-10-28T09:05:58.212Z", "datePublished": "2025-11-12T09:37:01.568Z", "dateUpdated": "2025-11-12T14:18:02.565Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux", "64 bit"], "product": "Firewall Analyzer", "vendor": "AlgoSec", "versions": [{"status": "affected", "version": "A33.0 (up to build 320)"}, {"status": "affected", "version": "A33.10 (up to build 210)"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:algosec:firewall_analyzer:a33.0:*:linux:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:algosec:firewall_analyzer:a33.0:*:64_bit:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:algosec:firewall_analyzer:a33.10:*:linux:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:algosec:firewall_analyzer:a33.10:*:64_bit:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Charlie Lindholm"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Algosec \n\n<span style=\"background-color: rgb(255, 255, 255);\">Firewall </span>\n\nAnalyzer on Linux, 64 bit allows Path Traversal, Code Injection.<p>This issue affects Algosec \n\n\n\nFirewall \n\n Analyzer: A33.0 (up to build 320), A33.10 (up to build 210).</p>"}], "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Algosec \n\nFirewall \n\nAnalyzer on Linux, 64 bit allows Path Traversal, Code Injection.This issue affects\u00a0Algosec \n\n\n\nFirewall \n\n Analyzer: A33.0 (up to build 320), A33.10 (up to build 210)."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}, {"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 7.3, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca5f073f-8266-4d43-b3e3-6eb0bb18a738", "shortName": "AlgoSec", "dateUpdated": "2025-11-12T09:37:01.568Z"}, "references": [{"url": "https://techdocs.algosec.com/en/cves/Content/tech-notes/cves/cve-2025-12382.htm"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade ASMS suite to A33.0 (330 and above), A33.10 (220 and above).<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.algosec.com/en/downloads/hotfix_releases\">https://portal.algosec.com/en/downloads/hotfix_releases</a><br>\n\n<br>"}], "value": "Upgrade ASMS suite to A33.0 (330 and above), A33.10 (220 and above).\n https://portal.algosec.com/en/downloads/hotfix_releases"}], "source": {"discovery": "EXTERNAL"}, "title": "Path Traversal Allows Remote Code Execution in AlgoSec Firewall Analyzer", "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-12T14:17:21.499005Z", "id": "CVE-2025-12382", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T14:18:02.565Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12382", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-12T14:17:21.499005Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T14:17:34.765Z"}}], "cna": {"title": "Path Traversal Allows Remote Code Execution in AlgoSec Firewall Analyzer", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Charlie Lindholm"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}, {"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 7.3, "Automatable": "YES", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/RE:L/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AlgoSec", "product": "Firewall Analyzer", "versions": [{"status": "affected", "version": "A33.0 (up to build 320)"}, {"status": "affected", "version": "A33.10 (up to build 210)"}], "platforms": ["Linux", "64 bit"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade ASMS suite to A33.0 (330 and above), A33.10 (220 and above).\n https://portal.algosec.com/en/downloads/hotfix_releases", "supportingMedia": [{"type": "text/html", "value": "Upgrade ASMS suite to A33.0 (330 and above), A33.10 (220 and above).<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.algosec.com/en/downloads/hotfix_releases\">https://portal.algosec.com/en/downloads/hotfix_releases</a><br>\n\n<br>", "base64": false}]}], "references": [{"url": "https://techdocs.algosec.com/en/cves/Content/tech-notes/cves/cve-2025-12382.htm"}], "x_generator": {"engine": "Vulnogram 0.4.0"}, "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Algosec \n\nFirewall \n\nAnalyzer on Linux, 64 bit allows Path Traversal, Code Injection.This issue affects\u00a0Algosec \n\n\n\nFirewall \n\n Analyzer: A33.0 (up to build 320), A33.10 (up to build 210).", "supportingMedia": [{"type": "text/html", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Algosec \n\n<span style=\"background-color: rgb(255, 255, 255);\">Firewall </span>\n\nAnalyzer on Linux, 64 bit allows Path Traversal, Code Injection.<p>This issue affects Algosec \n\n\n\nFirewall \n\n Analyzer: A33.0 (up to build 320), A33.10 (up to build 210).</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:algosec:firewall_analyzer:a33.0:*:linux:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:algosec:firewall_analyzer:a33.0:*:64_bit:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:algosec:firewall_analyzer:a33.10:*:linux:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:algosec:firewall_analyzer:a33.10:*:64_bit:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "ca5f073f-8266-4d43-b3e3-6eb0bb18a738", "shortName": "AlgoSec", "dateUpdated": "2025-11-12T09:37:01.568Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12382", "state": "PUBLISHED", "dateUpdated": "2025-11-12T14:18:02.565Z", "dateReserved": "2025-10-28T09:05:58.212Z", "assignerOrgId": "ca5f073f-8266-4d43-b3e3-6eb0bb18a738", "datePublished": "2025-11-12T09:37:01.568Z", "assignerShortName": "AlgoSec"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Algosec \n\nFirewall \n\nAnalyzer on Linux, 64 bit allows Path Traversal, Code Injection.This issue affects\u00a0Algosec \n\n\n\nFirewall \n\n Analyzer: A33.0 (up to build 320), A33.10 (up to build 210)."}], "id": "CVE-2025-12382", "lastModified": "2025-11-12T16:19:12.850", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:X/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-11-12T10:15:43.100", "references": [{"source": "[email protected]", "url": "https://techdocs.algosec.com/en/cves/Content/tech-notes/cves/cve-2025-12382.htm"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "[email protected]", "type": "Secondary"}]}