CVE-2025-12382 | THREATINT

Description

Improper Limitation of a Pathname 'Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 (up to build 320), A33.10 (up to build 210).

PUBLISHED Reserved 2025-10-28 | Published 2025-11-12 | Updated 2025-11-13 | Assigner AlgoSec

HIGH: 7.3CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/RE:L/U:Amber

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status

unaffected

A33.0 (up to build 320)

affected

A33.10 (up to build 210)

affected

Credits

Charlie Lindholm finder

References

techdocs.algosec.com/...t/tech-notes/cves/cve-2025-12382.htm

cve.org (CVE-2025-12382)

nvd.nist.gov (CVE-2025-12382)

Download JSON