CVE-2025-12382
Path Traversal Allows Remote Code Execution in AlgoSec Firewall Analyzer
| Published | 2025-11-12 |
| Impact | High |
| Base CVSS Score | 7.3 |
| Product | AlgoSec Firewall Analyzer |
| Affected Versions | A33.0 (up to build 320); A33.10 (up to build 210) |
| Fixed in Version | A33.0 (build 330 and above); A33.10 (build 220 and above) |
| Finder | Charlie Lindholm |
Description
An improper limitation of a pathname ('Path Traversal') vulnerability in AlgoSec Firewall Analyzer on 64-bit Linux allows an authenticated user to upload files to a restricted directory, leading to code injection.
Issues addressed as part of this vulnerability
- Fixed code injection to the file path.
Solution
Upgrade ASMS to one of the fixed builds listed under Fixed in Version; code injection to the file path was fixed in these builds.
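To triage an inventory against the build boundaries in this advisory, the following is an added example, not AlgoSec code. The version-string format "<train> build <n>", the status names and the host names are assumptions made for illustration.

```python
import re

# Build boundaries copied from the advisory's Affected / Fixed rows:
# release train -> (last affected build, first fixed build).
ADVISORY = {"A33.0": (320, 330), "A33.10": (210, 220)}

# Assumed inventory format: "<train> build <n>", e.g. "A33.10 build 205".
# The train stays a string: parsing "33.10" as a number would turn it
# into 33.1 and could match the wrong release train.
_VERSION = re.compile(r"^\s*(A\d+\.\d+)\s+build\s+(\d+)\s*$", re.IGNORECASE)

def classify(version_string):
    """Return 'affected', 'fixed', 'unlisted-build', 'unlisted-train' or 'unparsed'."""
    m = _VERSION.match(version_string)
    if not m:
        return "unparsed"
    train, build = m.group(1).upper(), int(m.group(2))
    if train not in ADVISORY:
        return "unlisted-train"
    last_affected, first_fixed = ADVISORY[train]
    if build <= last_affected:
        return "affected"
    if build >= first_fixed:
        return "fixed"
    # Builds between the two boundaries are not mentioned by the advisory.
    return "unlisted-build"

def triage(inventory):
    """Group host names by status; anything not 'fixed' needs follow-up."""
    report = {}
    for host, version in inventory.items():
        report.setdefault(classify(version), []).append(host)
    return report

# Constructed sample inventory (host names and builds are made up).
SAMPLE = {
    "afa-prod-01": "A33.0 build 320",
    "afa-prod-02": "A33.0 build 330",
    "afa-lab-01": "A33.10 build 205",
    "afa-lab-02": "A33.10 build 220",
    "afa-dr-01": "A33.0 build 325",
    "afa-old-01": "A99.0 build 1",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(sorted(hosts))}")
```

Hosts reported as unlisted-build, unlisted-train or unparsed fall outside what the advisory states and need a manual check rather than being assumed safe.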
References
- CVE-2025-12382 in cve.org