CVE-2025-12554
BaseFortify
Publication date: 2025-10-31
Last updated on: 2025-11-10
Assigner: azure-access
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| azure-access | blu-ic2_firmware | to 1.20 (exc) |
| azure-access | blu-ic2 | * |
| azure-access | blu-ic4_firmware | to 1.20 (exc) |
| azure-access | blu-ic4 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves missing security headers in BLU-IC2 and BLU-IC4 up to version 1.19.5. Security headers are HTTP response headers that help protect web applications from various attacks by enforcing security policies. Their absence can leave the application more vulnerable to certain types of attacks.
How can this vulnerability impact me?
The missing security headers can increase the risk of attacks such as cross-site scripting (XSS), clickjacking, and other web-based exploits. This can lead to unauthorized access, data theft, or manipulation of the web application, potentially compromising the security and integrity of your system.