CVE-2025-12220
BaseFortify
Publication date: 2025-10-25
Last updated on: 2025-11-10
Assigner: azure-access
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| azure-access | blu-ic2_firmware | to 1.20 (exc) |
| azure-access | blu-ic2 | * |
| azure-access | blu-ic4_firmware | to 1.20 (exc) |
| azure-access | blu-ic4 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12220 refers to multiple known vulnerabilities in Busybox version 1.31.1 affecting certain BLU-IC2 and BLU-IC4 versions up to 1.19.5. The CVSS v4.0 base score is 10.0, indicating critical severity with network attack vector and no required privileges or user interaction. However, specific technical details or descriptions of the vulnerabilities are not provided in the available resources. [1]
How can this vulnerability impact me? :
Given the critical CVSS score of 10.0 and the characteristics of the vulnerability (network attack vector, no privileges or user interaction required), this vulnerability could allow an attacker to fully compromise affected systems remotely. This could lead to complete system takeover, data breaches, or disruption of services. However, exact impacts are not detailed in the provided resources. [1]