Privilege Escalation via Misconfigured Sudoers Entry for Local Users in...

6.1 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/RE:L/U:Amber

Description

Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection.

A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file.
This issue affects Firewall Analyzer: A33.0, A33.10.

Basic Information

ID CVE-2025-12381

Source AlgoSec

Published Dec 9, 2025 at 13:41

Affected Product

Vendor AlgoSec

Product Firewall Analyzer

Version A33.0 (up to build 320)

Affected Versions AlgoSec Firewall Analyzer A33.0 (up to build 320)
AlgoSec Firewall Analyzer A33.10 (up to build 220)

CWE Classification

CWE-269

References

techdocs.algosec.com /en/cves/Content/tech-notes/cves/cve-2025-12381.htm

{
    "lastseen": "",
    "description": "Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows\u00a0Privilege Escalation, Parameter Injection.\n\nA local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file.\u00a0\nThis issue affects Firewall Analyzer: A33.0, A33.10.",
    "published": "2025-12-09T13:41:53.393Z",
    "modified": "2025-12-09T13:41:53.393Z",
    "type": "cve",
    "title": "Privilege Escalation via Misconfigured Sudoers Entry for Local Users in AlgoSec Firewall Analyzer",
    "source": "AlgoSec",
    "references": "https://techdocs.algosec.com/en/cves/Content/tech-notes/cves/cve-2025-12381.htm",
    "id": "CVE-2025-12381",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "AlgoSec Firewall Analyzer A33.0 (up to build 320)\nAlgoSec Firewall Analyzer A33.10 (up to build 220)",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/RE:L/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Firewall Analyzer",
    "version": "A33.0 (up to build 320)",
    "vendor": "AlgoSec",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Privilege Escalation via Misconfigured Sudoers Entry for Local Users in AlgoSec Firewall Analyzer_CVE-2025-12381