CVE-2025-12382
Published: 12 November 2025
Summary
CVE-2025-12382 is a high-severity Path Traversal (CWE-22) vulnerability in Algosec Firewall Analyzer. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly validates file path inputs to block path traversal attempts that enable uploads to restricted directories.
Enforces strict access controls to prevent authenticated users from writing files outside authorized directories despite path manipulation.
Remediates the specific path traversal vulnerability through timely patching of affected AlgoSec Firewall Analyzer versions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal vulnerability in AlgoSec Firewall Analyzer (public-facing web application) enables exploitation (T1190) via authenticated file upload to protected directories, facilitating arbitrary code injection such as web shells (T1100).
NVD Description
Improper Limitation of a Pathname 'Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 (up to…
more
build 320), A33.10 (up to build 210).
Deeper analysisAI
CVE-2025-12382 is an Improper Limitation of a Pathname (Path Traversal) vulnerability, classified under CWE-22, affecting AlgoSec Firewall Analyzer on Linux 64-bit systems. It enables an authenticated user to bypass path restrictions and upload files to a protected directory, facilitating code injection. The vulnerability impacts AlgoSec Firewall Analyzer versions A33.0 (up to build 320) and A33.10 (up to build 210). It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
An attacker with authenticated access (low privileges required) can exploit this over the network with low complexity and no user interaction. By crafting malicious file upload requests that traverse restricted paths, the attacker gains the ability to inject and execute arbitrary code on the server, potentially leading to full system compromise, data exfiltration, or further lateral movement within the environment.
AlgoSec has published a technical advisory detailing the issue at https://techdocs.algosec.com/en/cves/Content/tech-notes/cves/cve-2025-12382.htm, which security practitioners should consult for specific patch information, workarounds, and affected build verification. The vulnerability was publicly disclosed on 2025-11-12.
Details
- CWE(s)