CVE-2025-12381 | THREATINT

Description

Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. This issue affects Firewall Analyzer: A33.0, A33.10.

PUBLISHED Reserved 2025-10-28 | Published 2025-12-09 | Updated 2025-12-09 | Assigner AlgoSec

MEDIUM: 6.1CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/RE:L/U:Amber

Problem types

CWE-269 Improper Privilege Management

Product status

Default status

unaffected

A33.0 (up to build 320)

affected

A33.10 (up to build 220)

affected

Credits

Charlie Lindholm finder

References

techdocs.algosec.com/...t/tech-notes/cves/cve-2025-12381.htm

cve.org (CVE-2025-12381)

nvd.nist.gov (CVE-2025-12381)

Download JSON