CVE-2025-12114
BaseFortify
Publication date: 2025-10-23
Last updated on: 2025-11-10
Assigner: azure-access
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| azure-access | blu-ic2_firmware | to 1.20 (exc) |
| azure-access | blu-ic2 | * |
| azure-access | blu-ic4_firmware | to 1.20 (exc) |
| azure-access | blu-ic4 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1191 | The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an enabled serial console that could potentially leak information. This leaked information might help an attacker identify other vulnerabilities in the affected devices, specifically BLU-IC2 and BLU-IC4 models through version 1.19.5.
How can this vulnerability impact me? :
The vulnerability could allow an attacker to gain information through the serial console that may assist in finding further weaknesses in the system. This could lead to increased risk of unauthorized access or exploitation of the affected devices.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should disable the enabled serial console on affected devices (BLU-IC2 and BLU-IC4 through version 1.19.5) to prevent potential information leakage. Additionally, apply any available firmware or software patches provided by the vendor as soon as they are released. Refer to the security advisories and guidelines published by Azure Access Technology for detailed mitigation steps and secure system setup recommendations. [1]