7.8
CVE-2025-12381
- EPSS 0.14%
- Published 09.12.2025 13:41:53
- Last modified 17.12.2025 14:51:27
- Source security.vulnerabilities@algos
Privilege Escalation via Misconfigured Sudoers Entry for Local Users in AlgoSec Firewall Analyzer
Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. This issue affects Firewall Analyzer: A33.0, A33.10.
Data provided by the National Vulnerability Database (NVD)
Algosec ≫ Firewall Analyzer Version a33.0
Algosec ≫ Firewall Analyzer Version a33.10
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.034 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| security.vulnerabilities@algosec.com | 6.1 | 0 | 0 | CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:X/RE:L/U:Amber |

CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
https://techdocs.algosec.com/en/cves/Content/tech-notes/cves/cve-2025-12381.htm