CVE-2025-12552
Insufficient Password Policy
In short
The BLU-IC2 and BLU-IC4 systems allow weak passwords to be set because they do not enforce strong password requirements. This makes it easier for attackers to guess or crack user credentials and gain unauthorized access.
Technical detail
An insufficient password policy vulnerability exists in BLU-IC2 and BLU-IC4 through version 1.19.5, where the system fails to enforce adequate password complexity requirements. An unauthenticated attacker can set weak credentials during account creation or password reset, reducing resistance to brute-force and dictionary attacks. The vulnerability enables compromise of user accounts with minimal attack effort.
Summary generated and translated by AI from the official description.
Insufficient Password Policy. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L