CVE-2025-12382

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-12382
Improper Limitation of a Pathname 'Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 (up to build 320), A33.10 (up to build 210).

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://techdocs.algosec.com/en/cves/Content/tech-notes/cves/cve-2025-12382.htm Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:algosec:firewall_analyzer:a33.0:-:*:*:*:*:*:*
cpe:2.3:a:algosec:firewall_analyzer:a33.0:build320:*:*:*:*:*:*
cpe:2.3:a:algosec:firewall_analyzer:a33.10:-:*:*:*:*:*:*
cpe:2.3:a:algosec:firewall_analyzer:a33.10:build210:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*
History

11 Dec 2025, 18:37

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.4 		v2 : unknown
v3 : 8.8

11 Dec 2025, 18:20

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.4
First Time Algosec firewall Analyzer
Linux
Algosec
Linux linux Kernel
CPE cpe:2.3:a:algosec:firewall_analyzer:a33.0:build320:*:*:*:*:*:*
cpe:2.3:a:algosec:firewall_analyzer:a33.10:-:*:*:*:*:*:*
cpe:2.3:a:algosec:firewall_analyzer:a33.0:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*
cpe:2.3:a:algosec:firewall_analyzer:a33.10:build210:*:*:*:*:*:*
References () https://techdocs.algosec.com/en/cves/Content/tech-notes/cves/cve-2025-12382.htm - () https://techdocs.algosec.com/en/cves/Content/tech-notes/cves/cve-2025-12382.htm - Vendor Advisory

13 Nov 2025, 11:15

Type Values Removed Values Added
Summary (en) Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows Path Traversal, Code Injection.This issue affects Algosec Firewall Analyzer: A33.0 (up to build 320), A33.10 (up to build 210). (en) Improper Limitation of a Pathname 'Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 (up to build 320), A33.10 (up to build 210).

12 Nov 2025, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-11-12 10:15

Updated : 2025-12-11 18:37

NVD link : CVE-2025-12382

Mitre link : CVE-2025-12382

CVE.ORG link : CVE-2025-12382

JSON object : View

Products Affected

algosec

  • firewall_analyzer

linux

  • linux_kernel
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')