PT-2025-49864 · Algosec · Algosec Firewall Analyzer

Charlie Lindholm · Published 2025-12-09 · Updated 2025-12-17 · CVE-2025-12381

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: AlgoSec Firewall Analyzer versions A33.0 through A33.10

Description: A flaw exists in AlgoSec Firewall Analyzer that could allow a local user with command line access to elevate their privileges. This is due to improper handling of parameters within a command authorized in the sudoers file, potentially leading to privilege escalation and parameter injection.

Recommendations: Apply updates to versions beyond A33.10. As a temporary workaround, restrict access to the sudoers file to authorized personnel only. Review and minimize the parameters allowed within commands configured in the sudoers file.

Fix

LPE

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2025-12381

Affected Products

Algosec Firewall Analyzer