CVE-2025-12476

Resource Lacking AuthN

CVSS 10 CRITICALEPSS 0.3%CWE-306

In short

A critical flaw in BLU-IC2 and BLU-IC4 (up to version 1.19.5) allows attackers to access protected resources without providing valid credentials. This means sensitive data or functions can be accessed by anyone without authentication.

Technical detail

CWE-306 vulnerability where critical resources lack proper authentication controls in BLU-IC2 and BLU-IC4 versions ≤1.19.5. An unauthenticated attacker can directly access protected endpoints or resources, resulting in unauthorized data exposure and potential system compromise.

Summary generated and translated by AI from the official description.

Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected products

Azure Access Technology · BLU-IC2 Azure Access Technology · BLU-IC4

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://azure-access.com/security-advisories