CVE-2025-12422

Vulnerable Upgrade Feature (Arbitrary File Write)

CVSS 10 CRITICALEPSS 0.4%CWE-22

In short

A flaw in the upgrade feature allows attackers to write arbitrary files to the system, potentially gaining super user permissions on BLU-IC2 and BLU-IC4 devices. This is a critical vulnerability that can completely compromise device security.

Technical detail

CWE-22 path traversal vulnerability in the upgrade mechanism of BLU-IC2 (≤1.19.5) and BLU-IC4 (≤1.19.5) allows unauthenticated or low-privileged attackers to write arbitrary files to the filesystem, resulting in privilege escalation to super user. No additional preconditions beyond access to the upgrade feature are required.

Summary generated and translated by AI from the official description.

Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected products

Azure Access Technology · BLU-IC2 Azure Access Technology · BLU-IC4

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://azure-access.com/security-advisories