This issue affects Firewall Analyzer: A33.0, A33.10.
"}],"value":"Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection.\n\nA local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. \nThis issue affects Firewall Analyzer: A33.0, A33.10."}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]},{"capecId":"CAPEC-137","descriptions":[{"lang":"en","value":"CAPEC-137 Parameter Injection"}]}],"metrics":[{"cvssV4_0":{"Automatable":"YES","Recovery":"USER","Safety":"NEGLIGIBLE","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"LOCAL","baseScore":6.1,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"ACTIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/RE:L/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"LOW"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"CWE-269 Improper Privilege Management","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"ca5f073f-8266-4d43-b3e3-6eb0bb18a738","shortName":"AlgoSec","dateUpdated":"2025-12-09T13:41:53.393Z"},"references":[{"url":"https://techdocs.algosec.com/en/cves/Content/tech-notes/cves/cve-2025-12381.htm"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Upgrade ASMS suite to A33.0 (build 330 and above), A33.10 (build 230 and above).