CVE-2025-12285
BaseFortify
Publication date: 2025-10-26
Last updated on: 2025-11-10
Assigner: azure-access
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| azure-access | blu-ic2_firmware | to 1.20 (exc) |
| azure-access | blu-ic2 | * |
| azure-access | blu-ic4_firmware | to 1.20 (exc) |
| azure-access | blu-ic4 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-521 | The product does not require that users should have strong passwords. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Initial Password Change issue affecting BLU-IC2 and BLU-IC4 devices up to version 1.19.5. It means that the system does not require users to change the initial default password, which can allow unauthorized access if the default password is known or guessed.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to the affected devices because attackers can exploit the unchanged default passwords. This can result in potential compromise of device security, data breaches, and unauthorized control over the system.