Cyber Resilience

CVE-2025-12382

Severity: High

Published: 12 November 2025

Modified: 11 December 2025
CVSS v4 Score: 7.3
CVSS v4 Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:X/RE:L/U:Amber
EPSS Score: 0.0011 (28.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-12382 is a high-severity Path Traversal (CWE-22) vulnerability in AlgoSec Firewall Analyzer. Its CVSS v4 base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 28.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-12382 is an Improper Limitation of a Pathname (Path Traversal) vulnerability, classified under CWE-22, affecting AlgoSec Firewall Analyzer on Linux 64-bit systems. It enables an authenticated user to bypass path restrictions and upload files to a protected directory, facilitating code injection. The vulnerability impacts AlgoSec Firewall Analyzer versions A33.0 (up to build 320) and A33.10 (up to build 210). It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts. This v3.1 vector differs from the CVSS v4 vector listed at the top of this page (base score 7.3), which rates the attack vector as adjacent (AV:A) and requires active user interaction (UI:A).

An attacker with authenticated access (low privileges required) can exploit this over the network with low complexity and no user interaction. By crafting malicious file upload requests that traverse restricted paths, the attacker gains the ability to inject and execute arbitrary code on the server, potentially leading to full system compromise, data exfiltration, or further lateral movement within the environment.

AlgoSec has published a technical advisory detailing the issue at https://techdocs.algosec.com/en/cves/Content/tech-notes/cves/cve-2025-12382.htm, which security practitioners should consult for specific patch information, workarounds, and affected build verification. The vulnerability was publicly disclosed on 2025-11-12.

Vulnerability details

Improper Limitation of a Pathname ('Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 (up to build 320), A33.10 (up to build 210).

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

A path traversal vulnerability in AlgoSec Firewall Analyzer (a public-facing web application) enables exploitation (T1190) via authenticated file upload to protected directories, facilitating arbitrary code injection such as web shells (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24208 (Same product: Linux Linux Kernel)
CVE-2026-24209 (Same product: Linux Linux Kernel)
CVE-2026-2749 (Same product: Linux Linux Kernel)
CVE-2026-43186 (Same product: Linux Linux Kernel)
CVE-2026-43037 (Same product: Linux Linux Kernel)
CVE-2026-31718 (Same product: Linux Linux Kernel)
CVE-2026-23427 (Same product: Linux Linux Kernel)
CVE-2026-31668 (Same product: Linux Linux Kernel)
CVE-2026-31414 (Same product: Linux Linux Kernel)
CVE-2026-43055 (Same product: Linux Linux Kernel)

Affected Assets

algosec
firewall analyzer
a33.0, a33.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly validates file path inputs to block path traversal attempts that enable uploads to restricted directories.

Prevent: Enforces strict access controls to prevent authenticated users from writing files outside authorized directories despite path manipulation.

Prevent: Remediates the specific path traversal vulnerability through timely patching of affected AlgoSec Firewall Analyzer versions.
