Path Traversal Allows Remote Code Execution in AlgoSec Firewall Analyzer

7.3 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/RE:L/U:Amber

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Algosec

Firewall

Analyzer on Linux, 64 bit allows Path Traversal, Code Injection.This issue affects Algosec

Firewall

Analyzer: A33.0 (up to build 320), A33.10 (up to build 210).

Basic Information

ID CVE-2025-12382

Source AlgoSec

Published Nov 12, 2025 at 09:37

Modified Nov 12, 2025 at 14:18

Affected Product

Vendor AlgoSec

Product Firewall Analyzer

Version A33.0 (up to build 320)

Affected Versions AlgoSec Firewall Analyzer A33.0 (up to build 320)
AlgoSec Firewall Analyzer A33.10 (up to build 210)

CWE Classification

CWE-22

References

techdocs.algosec.com /en/cves/Content/tech-notes/cves/cve-2025-12382.htm

{
    "lastseen": "",
    "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Algosec \n\nFirewall \n\nAnalyzer on Linux, 64 bit allows Path Traversal, Code Injection.This issue affects\u00a0Algosec \n\n\n\nFirewall \n\n Analyzer: A33.0 (up to build 320), A33.10 (up to build 210).",
    "published": "2025-11-12T09:37:01.568Z",
    "modified": "2025-11-12T14:18:02.565Z",
    "type": "cve",
    "title": "Path Traversal Allows Remote Code Execution in AlgoSec Firewall Analyzer",
    "source": "AlgoSec",
    "references": "https://techdocs.algosec.com/en/cves/Content/tech-notes/cves/cve-2025-12382.htm",
    "id": "CVE-2025-12382",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "AlgoSec Firewall Analyzer A33.0 (up to build 320)\nAlgoSec Firewall Analyzer A33.10 (up to build 210)",
    "sourceHref": "",
    "cvss": {
        "score": 7.3,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/RE:L/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Firewall Analyzer",
    "version": "A33.0 (up to build 320)",
    "vendor": "AlgoSec",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Path Traversal Allows Remote Code Execution in AlgoSec Firewall Analyzer_CVE-2025-12382