CVE-2025-12104
BaseFortify
Publication date: 2025-10-23
Last updated on: 2025-11-07
Assigner: azure-access
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| azure-access | blu-ic2_firmware | to 1.20 (exc) |
| azure-access | blu-ic2 | * |
| azure-access | blu-ic4_firmware | to 1.20 (exc) |
| azure-access | blu-ic4 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1104 | The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves outdated and vulnerable UI dependencies in BLU-IC2 and BLU-IC4 products up to version 1.19.5. These outdated components might be exploited by attackers, potentially leading to security breaches.
How can this vulnerability impact me? :
The vulnerability has a critical impact with a CVSS v4.0 base score of 10.0, indicating it can be exploited remotely without authentication or user interaction, leading to high confidentiality, integrity, and availability impacts. This means an attacker could fully compromise the affected systems.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying patches promptly to the affected BLU-IC2 and BLU-IC4 versions up to 1.19.5, as critical vulnerabilities are patched in the latest supported firmware or software versions. Users should refer to the official security advisories from Azure Access Technology for patch availability and follow secure system setup guidelines provided in their wiki. [1]