CVE-2025-12553
BaseFortify
Publication date: 2025-10-31
Last updated on: 2025-11-10
Assigner: azure-access
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| azure-access | blu-ic2_firmware | to 1.20 (exc) |
| azure-access | blu-ic2 | * |
| azure-access | blu-ic4_firmware | to 1.20 (exc) |
| azure-access | blu-ic4 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-599 | The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the disabling of certificate verification in the email server components BLU-IC2 and BLU-IC4 up to version 1.19.5. This means that the email server does not properly verify the authenticity of certificates, potentially allowing attackers to intercept or manipulate email communications.
How can this vulnerability impact me?
The impact of this vulnerability is critical, as indicated by the CVSS score of 10.0. It can allow attackers to perform man-in-the-middle attacks, intercept sensitive email data, or impersonate trusted servers, leading to data breaches, loss of confidentiality, and potential unauthorized access to sensitive information.