CVE-2025-12477

Server Version Disclosure

CVSS 10 CRITICAL | EPSS 0.3% | CWE-306
In short

The server reveals its version number in responses, allowing attackers to identify what software and version is running. This makes it easier for attackers to find and exploit known vulnerabilities specific to that version.

Technical detail

Server version information is disclosed in HTTP headers or responses (classified as CWE-306: Missing Authentication for Critical Function), which enables reconnaissance for targeted exploitation. An unauthenticated attacker can use the disclosed version to identify applicable CVEs. Affected products are BLU-IC2 and BLU-IC4, versions through 1.19.5.

Summary generated and translated by AI from the official description.
Server Version Disclosure. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
