CVE-2025-12031
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-11-07
Assigner: azure-access
Description
Description
HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| azure-access | blu-ic2_firmware | to 1.20 (exc) |
| azure-access | blu-ic2 | * |
| azure-access | blu-ic4_firmware | to 1.20 (exc) |
| azure-access | blu-ic4 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1004 | The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an HTTP security misconfiguration where the Secure and HTTPOnly attributes are missing from cookies. This allows sensitive cookies to be read from the JavaScript context, potentially exposing them to unauthorized access.
How can this vulnerability impact me? :
The vulnerability can lead to sensitive cookies being accessed by malicious scripts, which may result in session hijacking, unauthorized access, or data theft.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70