CVE-2025-12381
Privilege Escalation via Misconfigured Sudoers Entry for Local Users in AlgoSec Firewall Analyzer
| Published | 2025-12-09 |
| Impact | Medium |
| Base CVSS Score | 6.1 |
| Product | AlgoSec Firewall Analyzer |
| Affected Versions | A33.0 (up to build 320), A33.10 (up to build 220) |
| Fixed in Version | A33.0 (build 330 and above), A33.10 (build 230 and above) |
| Finder | Charlie Lindholm |
Description
An Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on 64-bit Linux allows Privilege Escalation and Parameter Injection.
A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file.
This issue affects Firewall Analyzer: A33.0, A33.10.
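An added example (not AlgoSec's code, and not the affected sudoers entry, which this advisory does not publish): a minimal Python audit that flags sudoers command entries whose arguments are left to the caller, the class of misconfiguration described above. The user name, paths and sample entries are constructed; aliases, includes and line continuations are not expanded.

```python
import re

# Constructed sample entries: the user and paths are hypothetical, not from the advisory.
SAMPLE_SUDOERS = """\
# constructed example entries
Defaults env_reset
appuser ALL=(root) NOPASSWD: /opt/example/bin/collect-logs
appuser ALL=(root) NOPASSWD: /opt/example/bin/export-config *
appuser ALL=(root) NOPASSWD: /opt/example/bin/restart-service ""
appuser ALL=(root) NOPASSWD: /opt/example/bin/rotate --keep 7
"""

TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")      # NOPASSWD:, SETENV:, ...
RUNAS = re.compile(r"^\s*\([^)]*\)\s*")      # leading (runas_user:runas_group)
SKIP = ("#", "Defaults", "User_Alias", "Host_Alias", "Runas_Alias")

def classify(command):
    """Say how tightly one sudoers command entry constrains its arguments."""
    parts = TAGS.sub("", command.strip()).split(None, 1)
    if not parts:
        return "other"
    if parts[0] == "ALL":
        return "any-args"
    if not parts[0].startswith("/"):
        return "other"                       # alias reference or negation: not expanded here
    if len(parts) == 1:
        return "any-args"                    # no argument list: sudo accepts any arguments
    if parts[1].strip() == '""':
        return "no-args"                     # "" means the command must run without arguments
    if re.search(r"(?<!\\)[*?\[]", parts[1]):
        return "wildcard-args"               # wildcard lets the caller choose argument text
    return "fixed-args"

def audit(text):
    """Return (line number, verdict, command) for entries with unconstrained arguments."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(SKIP) or "=" not in line:
            continue
        spec = RUNAS.sub("", line.split("=", 1)[1])
        for cmd in re.split(r"(?<!\\),", spec):      # commas separate commands
            verdict = classify(cmd)
            if verdict in ("any-args", "wildcard-args"):
                findings.append((lineno, verdict, TAGS.sub("", cmd.strip())))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SUDOERS):
        print(finding)
```

Entries reported as `any-args` or `wildcard-args` are the ones to review against the command's own options; `no-args` and `fixed-args` entries leave the caller no parameter to control.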
Issues addressed as part of this vulnerability
- Fixed sudoers misconfigurations.
Solution
Upgrade ASMS to the fixed build, as the sudoers misconfigurations were fixed in these builds.
References
- CVE-2025-12381 in cve.org