CVE-2025-12516

Lack of Graceful Error Handling - HTTP 5xx Error

CVSS 10 CRITICAL | EPSS 0.3% | CWE-394
In short

The BLU-IC2 and BLU-IC4 devices fail to handle server errors gracefully, returning raw HTTP 5xx errors that expose internal system details to attackers. This allows unauthorized disclosure of sensitive information about the device's internal structure and operation.

Technical detail

The affected BLU-IC2 (≤1.19.5) and BLU-IC4 (≤1.19.5) devices lack proper error handling for server-side failures, resulting in unfiltered HTTP 5xx responses that leak internal implementation details. An unauthenticated remote attacker can trigger these errors through normal requests to obtain information useful for further exploitation. The absence of error sanitization creates an information disclosure vulnerability enabling reconnaissance.

Summary generated and translated by AI from the official description.
Lack of Graceful Error Handling - HTTP 5xx Error. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
