CVE-2025-12554
Missing Security Headers
In short
The BLU-IC2 and BLU-IC4 software versions up to 1.19.5 are missing important security headers that web browsers use to protect against common attacks like clickjacking and data theft. Without these headers, the application is more vulnerable to certain web-based attacks.
Technical detail
BLU-IC2 and BLU-IC4 through v1.19.5 do not implement HTTP response headers such as X-Frame-Options, X-Content-Type-Options, and Content-Security-Policy that mitigate client-side attacks (missing security headers, CWE-693). With no server-enforced protections in place, an attacker can leverage this to perform clickjacking, MIME-type sniffing, or injection attacks.
Summary generated and translated by AI from the official description.
Missing Security Headers. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
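A check for the three headers named in the technical detail above, written as an added example (not code from the vendor or from the official description). The function names and the sample responses are assumptions constructed for illustration; merging several Content-Security-Policy headers into one directive map is a simplification.

```python
def parse_head(raw):
    """Parse a raw HTTP response head into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.split("\r\n")[1:]:       # skip the status line
        if not line:
            break                             # blank line ends the head
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def csp_directives(values):
    """Map CSP directive names to their source lists (first occurrence wins)."""
    out = {}
    for policy in values:
        for part in policy.split(";"):
            tokens = part.split()
            if tokens:
                out.setdefault(tokens[0].lower(), tokens[1:])
    return out

def audit(raw):
    """Return findings for missing or ineffective protective headers."""
    h = parse_head(raw)
    csp = csp_directives(h.get("content-security-policy", []))
    findings = []
    if not csp:
        findings.append("Content-Security-Policy missing")
    xfo = [v.upper() for v in h.get("x-frame-options", [])]
    ancestors = csp.get("frame-ancestors")    # CSP alternative to X-Frame-Options
    if not (any(v in ("DENY", "SAMEORIGIN") for v in xfo)
            or (ancestors is not None and "*" not in ancestors)):
        findings.append("no framing restriction (X-Frame-Options or frame-ancestors)")
    if "nosniff" not in [v.lower() for v in h.get("x-content-type-options", [])]:
        findings.append("X-Content-Type-Options: nosniff missing")
    return findings

# Constructed sample responses (not captured from any real device).
BARE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: example\r\n\r\n"
HARDENED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "x-content-type-options: nosniff\r\n"
            "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n\r\n")
WEAK = ("HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOWALL\r\n"
        "X-Content-Type-Options: none\r\n"
        "Content-Security-Policy: default-src 'self'\r\n\r\n")

if __name__ == "__main__":
    for name, raw in (("bare", BARE), ("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(raw) or "ok")
```

The WEAK sample shows why presence alone is not enough: both headers are sent, but with values that browsers do not treat as a restriction.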