CVE-2025-12278
BaseFortify
Publication date: 2025-10-26
Last updated on: 2025-11-10
Assigner: azure-access
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| azure-access | blu-ic2_firmware | to 1.20 (exc) |
| azure-access | blu-ic2 | * |
| azure-access | blu-ic4_firmware | to 1.20 (exc) |
| azure-access | blu-ic4 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-613 | According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization." |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is related to the logout functionality not working properly in BLU-IC2 and BLU-IC4 devices up to version 1.19.5. Essentially, users may not be able to log out as expected, which could lead to security issues such as unauthorized access if sessions remain active.
How can this vulnerability impact me? :
If the logout functionality does not work, it could allow unauthorized users to access a system or application because sessions may remain active even after a user attempts to log out. This can lead to potential data exposure or unauthorized actions within the affected devices.