Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    78 vulnerabilities by Azure Access Technology

    CVE-2025-12603 (GCVE-0-2025-12603)

    Vulnerability from nvd – Published: 2025-11-01 18:56 – Updated: 2025-11-03 13:29
    VLAI
    Title
    /etc/timezone can be Arbitrarily Written
    Summary
    /etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12603",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T13:10:25.682557Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T13:29:31.660Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "/etc/timezone can be Arbitrarily Written.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "/etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-123",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-123 Buffer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-01T18:56:52.453Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "/etc/timezone can be Arbitrarily Written",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12603",
        "datePublished": "2025-11-01T18:56:52.453Z",
        "dateReserved": "2025-11-01T18:56:03.169Z",
        "dateUpdated": "2025-11-03T13:29:31.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12602 (GCVE-0-2025-12602)

    Vulnerability from nvd – Published: 2025-11-01 18:54 – Updated: 2025-11-03 13:29
    VLAI
    Title
    /etc/avahi/services/z9.service can be Arbitrarily Written
    Summary
    /etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12602",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T13:10:32.228396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T13:29:38.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "/etc/avahi/services/z9.service can be Arbitrarily Written.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "/etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-123",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-123 Buffer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-01T18:58:27.791Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "/etc/avahi/services/z9.service can be Arbitrarily Written",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12602",
        "datePublished": "2025-11-01T18:54:46.956Z",
        "dateReserved": "2025-11-01T18:51:15.934Z",
        "dateUpdated": "2025-11-03T13:29:38.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12601 (GCVE-0-2025-12601)

    Vulnerability from nvd – Published: 2025-11-01 18:49 – Updated: 2025-11-03 13:29
    VLAI
    Title
    Denial of Service Due to SlowLoris
    Summary
    Denial of Service Due to SlowLoris.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12601",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T13:24:05.015658Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T13:29:43.969Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Denial of Service Due to SlowLoris.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "Denial of Service Due to SlowLoris.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469 HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-730",
                  "description": "CWE-730 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-01T18:49:12.782Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service Due to SlowLoris",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12601",
        "datePublished": "2025-11-01T18:49:12.782Z",
        "dateReserved": "2025-11-01T18:48:41.797Z",
        "dateUpdated": "2025-11-03T13:29:43.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12600 (GCVE-0-2025-12600)

    Vulnerability from nvd – Published: 2025-11-01 18:48 – Updated: 2025-11-03 13:29
    VLAI
    Title
    Web UI Malfunction
    Summary
    Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T13:24:06.540853Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T13:29:50.055Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Web UI Malfunction when setting unexpected locale via API.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469 HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-730",
                  "description": "CWE-730 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-01T18:48:49.084Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Web UI Malfunction",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12600",
        "datePublished": "2025-11-01T18:48:49.084Z",
        "dateReserved": "2025-11-01T18:41:42.242Z",
        "dateUpdated": "2025-11-03T13:29:50.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12599 (GCVE-0-2025-12599)

    Vulnerability from nvd – Published: 2025-11-01 18:39 – Updated: 2025-11-03 13:29
    VLAI
    Title
    Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000)
    Summary
    Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12599",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T13:24:07.997503Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T13:29:56.000Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-191",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-191 Read Sensitive Constants Within an Executable"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321 Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-01T18:39:53.127Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12599",
        "datePublished": "2025-11-01T18:39:53.127Z",
        "dateReserved": "2025-11-01T18:36:05.890Z",
        "dateUpdated": "2025-11-03T13:29:56.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12554 (GCVE-0-2025-12554)

    Vulnerability from nvd – Published: 2025-10-31 15:52 – Updated: 2025-10-31 17:43
    VLAI
    Title
    Missing Security Headers
    Summary
    Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12554",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T17:43:09.619872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-31T17:43:18.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Security Headers.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-102",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-102 Session Sidejacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693 Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-31T15:52:29.049Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Security Headers",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12554",
        "datePublished": "2025-10-31T15:52:29.049Z",
        "dateReserved": "2025-10-31T15:50:12.846Z",
        "dateUpdated": "2025-10-31T17:43:18.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12553 (GCVE-0-2025-12553)

    Vulnerability from nvd – Published: 2025-10-31 15:48 – Updated: 2025-10-31 18:36
    VLAI
    Title
    Server Certificate Verification Disabled
    Summary
    Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-599 - Missing Validation of OpenSSL Certificate
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12553",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T18:36:48.308468Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-31T18:36:54.940Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Email Server Certificate Verification Disabled.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-94",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-94 Adversary in the Middle (AiTM)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-599",
                  "description": "CWE-599 Missing Validation of OpenSSL Certificate",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-31T15:48:29.402Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Server Certificate Verification Disabled",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12553",
        "datePublished": "2025-10-31T15:48:29.402Z",
        "dateReserved": "2025-10-31T15:46:01.105Z",
        "dateUpdated": "2025-10-31T18:36:54.940Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12552 (GCVE-0-2025-12552)

    Vulnerability from nvd – Published: 2025-10-31 15:43 – Updated: 2025-10-31 18:24
    VLAI
    Title
    Insufficient Password Policy
    Summary
    Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12552",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T18:24:12.411511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-31T18:24:19.770Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient Password Policy.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-16",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-16 Dictionary-based Password Attack"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-31T15:43:44.961Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient Password Policy",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12552",
        "datePublished": "2025-10-31T15:43:44.961Z",
        "dateReserved": "2025-10-31T15:40:57.549Z",
        "dateUpdated": "2025-10-31T18:24:19.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12517 (GCVE-0-2025-12517)

    Vulnerability from nvd – Published: 2025-10-30 15:47 – Updated: 2025-10-30 16:24
    VLAI
    Title
    Credits Page not Matching Versions in Use in the Firmware
    Summary
    Credits Page not Matching Versions in Use in the FirmwareThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12517",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-30T16:13:18.522949Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-30T16:24:57.181Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Credits Page not Matching Versions in Use in the Firmware\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
                }
              ],
              "value": "Credits Page not Matching Versions in Use in the FirmwareThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-36",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-36 Using Unpublished Interfaces or Functionality"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-448",
                  "description": "CWE-448 Obsolete Feature in UI",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-30T15:47:04.209Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Credits Page not Matching Versions in Use in the Firmware",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12517",
        "datePublished": "2025-10-30T15:47:04.209Z",
        "dateReserved": "2025-10-30T15:43:44.827Z",
        "dateUpdated": "2025-10-30T16:24:57.181Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12516 (GCVE-0-2025-12516)

    Vulnerability from nvd – Published: 2025-10-30 15:42 – Updated: 2025-10-30 17:24
    VLAI
    Title
    Lack of Graceful Error Handling - HTTP 5xx Error
    Summary
    Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-394 - Unexpected Status Code or Return Value
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12516",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-30T17:24:29.354208Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-30T17:24:46.054Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of Graceful Error Handling - HTTP 5xx Error\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
                }
              ],
              "value": "Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-116",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-116 Excavation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-394",
                  "description": "CWE-394 Unexpected Status Code or Return Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-30T15:42:21.656Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Lack of Graceful Error Handling - HTTP 5xx Error",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12516",
        "datePublished": "2025-10-30T15:42:21.656Z",
        "dateReserved": "2025-10-30T15:39:53.087Z",
        "dateUpdated": "2025-10-30T17:24:46.054Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12515 (GCVE-0-2025-12515)

    Vulnerability from nvd – Published: 2025-10-30 15:38 – Updated: 2025-10-30 17:27
    VLAI
    Title
    Systemic Internal Server Errors - HTTP 500 Response
    Summary
    Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-394 - Unexpected Status Code or Return Value
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12515",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-30T17:25:50.601327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-30T17:27:30.155Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Systemic Internal Server Errors - HTTP 500 Response\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
                }
              ],
              "value": "Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-116",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-116 Excavation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-394",
                  "description": "CWE-394 Unexpected Status Code or Return Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-30T15:38:45.150Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Systemic Internal Server Errors - HTTP 500 Response",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12515",
        "datePublished": "2025-10-30T15:38:45.150Z",
        "dateReserved": "2025-10-30T15:38:05.929Z",
        "dateUpdated": "2025-10-30T17:27:30.155Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12479 (GCVE-0-2025-12479)

    Vulnerability from nvd – Published: 2025-10-29 16:50 – Updated: 2025-10-29 18:04
    VLAI
    Title
    Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation
    Summary
    Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12479",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-29T18:01:25.884061Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-29T18:04:45.220Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
                }
              ],
              "value": "Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62 Cross Site Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-29T16:50:08.991Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12479",
        "datePublished": "2025-10-29T16:50:08.991Z",
        "dateReserved": "2025-10-29T16:39:17.612Z",
        "dateUpdated": "2025-10-29T18:04:45.220Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12478 (GCVE-0-2025-12478)

    Vulnerability from nvd – Published: 2025-10-29 16:37 – Updated: 2025-10-29 19:37
    VLAI
    Title
    Non-Compliant TLS Configuration
    Summary
    Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12478",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-29T19:16:17.499372Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-29T19:37:55.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Non-Compliant TLS Configuration.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
                }
              ],
              "value": "Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-192",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-192 Protocol Analysis"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326 Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-29T16:37:47.165Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Non-Compliant TLS Configuration",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12478",
        "datePublished": "2025-10-29T16:37:47.165Z",
        "dateReserved": "2025-10-29T16:36:02.981Z",
        "dateUpdated": "2025-10-29T19:37:55.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12477 (GCVE-0-2025-12477)

    Vulnerability from nvd – Published: 2025-10-29 16:33 – Updated: 2025-10-29 17:37
    VLAI
    Title
    Server Version Disclosure
    Summary
    Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12477",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-29T17:36:51.560779Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-29T17:37:03.798Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server Version Disclosure.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
                }
              ],
              "value": "Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-36",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-36 Using Unpublished Interfaces or Functionality"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-29T16:33:48.232Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Server Version Disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12477",
        "datePublished": "2025-10-29T16:33:48.232Z",
        "dateReserved": "2025-10-29T16:33:02.430Z",
        "dateUpdated": "2025-10-29T17:37:03.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12476 (GCVE-0-2025-12476)

    Vulnerability from nvd – Published: 2025-10-29 16:31 – Updated: 2025-10-29 17:37
    VLAI
    Title
    Resource Lacking AuthN
    Summary
    Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12476",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-29T17:37:25.696463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-29T17:37:32.134Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Resource Lacking AuthN.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
                }
              ],
              "value": "Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-36",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-36 Using Unpublished Interfaces or Functionality"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-29T16:31:47.306Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Resource Lacking AuthN",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12476",
        "datePublished": "2025-10-29T16:31:47.306Z",
        "dateReserved": "2025-10-29T16:29:07.632Z",
        "dateUpdated": "2025-10-29T17:37:32.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12603 (GCVE-0-2025-12603)

    Vulnerability from cvelistv5 – Published: 2025-11-01 18:56 – Updated: 2025-11-03 13:29
    VLAI
    Title
    /etc/timezone can be Arbitrarily Written
    Summary
    /etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12603",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T13:10:25.682557Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T13:29:31.660Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "/etc/timezone can be Arbitrarily Written.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "/etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-123",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-123 Buffer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-01T18:56:52.453Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "/etc/timezone can be Arbitrarily Written",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12603",
        "datePublished": "2025-11-01T18:56:52.453Z",
        "dateReserved": "2025-11-01T18:56:03.169Z",
        "dateUpdated": "2025-11-03T13:29:31.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12602 (GCVE-0-2025-12602)

    Vulnerability from cvelistv5 – Published: 2025-11-01 18:54 – Updated: 2025-11-03 13:29
    VLAI
    Title
    /etc/avahi/services/z9.service can be Arbitrarily Written
    Summary
    /etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12602",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T13:10:32.228396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T13:29:38.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "/etc/avahi/services/z9.service can be Arbitrarily Written.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "/etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-123",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-123 Buffer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-01T18:58:27.791Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "/etc/avahi/services/z9.service can be Arbitrarily Written",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12602",
        "datePublished": "2025-11-01T18:54:46.956Z",
        "dateReserved": "2025-11-01T18:51:15.934Z",
        "dateUpdated": "2025-11-03T13:29:38.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12601 (GCVE-0-2025-12601)

    Vulnerability from cvelistv5 – Published: 2025-11-01 18:49 – Updated: 2025-11-03 13:29
    VLAI
    Title
    Denial of Service Due to SlowLoris
    Summary
    Denial of Service Due to SlowLoris.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12601",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T13:24:05.015658Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T13:29:43.969Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Denial of Service Due to SlowLoris.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "Denial of Service Due to SlowLoris.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469 HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-730",
                  "description": "CWE-730 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-01T18:49:12.782Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service Due to SlowLoris",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12601",
        "datePublished": "2025-11-01T18:49:12.782Z",
        "dateReserved": "2025-11-01T18:48:41.797Z",
        "dateUpdated": "2025-11-03T13:29:43.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12600 (GCVE-0-2025-12600)

    Vulnerability from cvelistv5 – Published: 2025-11-01 18:48 – Updated: 2025-11-03 13:29
    VLAI
    Title
    Web UI Malfunction
    Summary
    Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T13:24:06.540853Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T13:29:50.055Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Web UI Malfunction when setting unexpected locale via API.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469 HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-730",
                  "description": "CWE-730 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-01T18:48:49.084Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Web UI Malfunction",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12600",
        "datePublished": "2025-11-01T18:48:49.084Z",
        "dateReserved": "2025-11-01T18:41:42.242Z",
        "dateUpdated": "2025-11-03T13:29:50.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12599 (GCVE-0-2025-12599)

    Vulnerability from cvelistv5 – Published: 2025-11-01 18:39 – Updated: 2025-11-03 13:29
    VLAI
    Title
    Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000)
    Summary
    Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12599",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T13:24:07.997503Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T13:29:56.000Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-191",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-191 Read Sensitive Constants Within an Executable"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321 Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-01T18:39:53.127Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12599",
        "datePublished": "2025-11-01T18:39:53.127Z",
        "dateReserved": "2025-11-01T18:36:05.890Z",
        "dateUpdated": "2025-11-03T13:29:56.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12554 (GCVE-0-2025-12554)

    Vulnerability from cvelistv5 – Published: 2025-10-31 15:52 – Updated: 2025-10-31 17:43
    VLAI
    Title
    Missing Security Headers
    Summary
    Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12554",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T17:43:09.619872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-31T17:43:18.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Security Headers.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-102",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-102 Session Sidejacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693 Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-31T15:52:29.049Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Security Headers",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12554",
        "datePublished": "2025-10-31T15:52:29.049Z",
        "dateReserved": "2025-10-31T15:50:12.846Z",
        "dateUpdated": "2025-10-31T17:43:18.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12553 (GCVE-0-2025-12553)

    Vulnerability from cvelistv5 – Published: 2025-10-31 15:48 – Updated: 2025-10-31 18:36
    VLAI
    Title
    Server Certificate Verification Disabled
    Summary
    Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-599 - Missing Validation of OpenSSL Certificate
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12553",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T18:36:48.308468Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-31T18:36:54.940Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Email Server Certificate Verification Disabled.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-94",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-94 Adversary in the Middle (AiTM)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-599",
                  "description": "CWE-599 Missing Validation of OpenSSL Certificate",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-31T15:48:29.402Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Server Certificate Verification Disabled",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12553",
        "datePublished": "2025-10-31T15:48:29.402Z",
        "dateReserved": "2025-10-31T15:46:01.105Z",
        "dateUpdated": "2025-10-31T18:36:54.940Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12552 (GCVE-0-2025-12552)

    Vulnerability from cvelistv5 – Published: 2025-10-31 15:43 – Updated: 2025-10-31 18:24
    VLAI
    Title
    Insufficient Password Policy
    Summary
    Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12552",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T18:24:12.411511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-31T18:24:19.770Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient Password Policy.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
                }
              ],
              "value": "Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-16",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-16 Dictionary-based Password Attack"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-31T15:43:44.961Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient Password Policy",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12552",
        "datePublished": "2025-10-31T15:43:44.961Z",
        "dateReserved": "2025-10-31T15:40:57.549Z",
        "dateUpdated": "2025-10-31T18:24:19.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12517 (GCVE-0-2025-12517)

    Vulnerability from cvelistv5 – Published: 2025-10-30 15:47 – Updated: 2025-10-30 16:24
    VLAI
    Title
    Credits Page not Matching Versions in Use in the Firmware
    Summary
    Credits Page not Matching Versions in Use in the FirmwareThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12517",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-30T16:13:18.522949Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-30T16:24:57.181Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Credits Page not Matching Versions in Use in the Firmware\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
                }
              ],
              "value": "Credits Page not Matching Versions in Use in the FirmwareThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-36",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-36 Using Unpublished Interfaces or Functionality"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-448",
                  "description": "CWE-448 Obsolete Feature in UI",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-30T15:47:04.209Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Credits Page not Matching Versions in Use in the Firmware",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12517",
        "datePublished": "2025-10-30T15:47:04.209Z",
        "dateReserved": "2025-10-30T15:43:44.827Z",
        "dateUpdated": "2025-10-30T16:24:57.181Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12516 (GCVE-0-2025-12516)

    Vulnerability from cvelistv5 – Published: 2025-10-30 15:42 – Updated: 2025-10-30 17:24
    VLAI
    Title
    Lack of Graceful Error Handling - HTTP 5xx Error
    Summary
    Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-394 - Unexpected Status Code or Return Value
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12516",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-30T17:24:29.354208Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-30T17:24:46.054Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of Graceful Error Handling - HTTP 5xx Error\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
                }
              ],
              "value": "Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-116",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-116 Excavation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-394",
                  "description": "CWE-394 Unexpected Status Code or Return Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-30T15:42:21.656Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Lack of Graceful Error Handling - HTTP 5xx Error",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12516",
        "datePublished": "2025-10-30T15:42:21.656Z",
        "dateReserved": "2025-10-30T15:39:53.087Z",
        "dateUpdated": "2025-10-30T17:24:46.054Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12515 (GCVE-0-2025-12515)

    Vulnerability from cvelistv5 – Published: 2025-10-30 15:38 – Updated: 2025-10-30 17:27
    VLAI
    Title
    Systemic Internal Server Errors - HTTP 500 Response
    Summary
    Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-394 - Unexpected Status Code or Return Value
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12515",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-30T17:25:50.601327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-30T17:27:30.155Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Systemic Internal Server Errors - HTTP 500 Response\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
                }
              ],
              "value": "Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-116",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-116 Excavation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-394",
                  "description": "CWE-394 Unexpected Status Code or Return Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-30T15:38:45.150Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Systemic Internal Server Errors - HTTP 500 Response",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12515",
        "datePublished": "2025-10-30T15:38:45.150Z",
        "dateReserved": "2025-10-30T15:38:05.929Z",
        "dateUpdated": "2025-10-30T17:27:30.155Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12479 (GCVE-0-2025-12479)

    Vulnerability from cvelistv5 – Published: 2025-10-29 16:50 – Updated: 2025-10-29 18:04
    VLAI
    Title
    Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation
    Summary
    Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12479",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-29T18:01:25.884061Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-29T18:04:45.220Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
                }
              ],
              "value": "Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62 Cross Site Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-29T16:50:08.991Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12479",
        "datePublished": "2025-10-29T16:50:08.991Z",
        "dateReserved": "2025-10-29T16:39:17.612Z",
        "dateUpdated": "2025-10-29T18:04:45.220Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12478 (GCVE-0-2025-12478)

    Vulnerability from cvelistv5 – Published: 2025-10-29 16:37 – Updated: 2025-10-29 19:37
    VLAI
    Title
    Non-Compliant TLS Configuration
    Summary
    Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12478",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-29T19:16:17.499372Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-29T19:37:55.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Non-Compliant TLS Configuration.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
                }
              ],
              "value": "Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-192",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-192 Protocol Analysis"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326 Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-29T16:37:47.165Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Non-Compliant TLS Configuration",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12478",
        "datePublished": "2025-10-29T16:37:47.165Z",
        "dateReserved": "2025-10-29T16:36:02.981Z",
        "dateUpdated": "2025-10-29T19:37:55.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12477 (GCVE-0-2025-12477)

    Vulnerability from cvelistv5 – Published: 2025-10-29 16:33 – Updated: 2025-10-29 17:37
    VLAI
    Title
    Server Version Disclosure
    Summary
    Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12477",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-29T17:36:51.560779Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-29T17:37:03.798Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server Version Disclosure.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
                }
              ],
              "value": "Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-36",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-36 Using Unpublished Interfaces or Functionality"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-29T16:33:48.232Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Server Version Disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12477",
        "datePublished": "2025-10-29T16:33:48.232Z",
        "dateReserved": "2025-10-29T16:33:02.430Z",
        "dateUpdated": "2025-10-29T17:37:03.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12476 (GCVE-0-2025-12476)

    Vulnerability from cvelistv5 – Published: 2025-10-29 16:31 – Updated: 2025-10-29 17:37
    VLAI
    Title
    Resource Lacking AuthN
    Summary
    Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Credits
    Kevin Schaller Benjamin Lafois Alexi Bitsios Sebastian Toscano Dominik Schneider
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12476",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-29T17:37:25.696463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-29T17:37:32.134Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC2",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BLU-IC4",
              "vendor": "Azure Access Technology",
              "versions": [
                {
                  "lessThanOrEqual": "1.19.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kevin Schaller"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Benjamin Lafois"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Alexi Bitsios"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebastian Toscano"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Dominik Schneider"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Resource Lacking AuthN.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
                }
              ],
              "value": "Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-36",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-36 Using Unpublished Interfaces or Functionality"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-29T16:31:47.306Z",
            "orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
            "shortName": "azure-access"
          },
          "references": [
            {
              "url": "https://azure-access.com/security-advisories"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Resource Lacking AuthN",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
        "assignerShortName": "azure-access",
        "cveId": "CVE-2025-12476",
        "datePublished": "2025-10-29T16:31:47.306Z",
        "dateReserved": "2025-10-29T16:29:07.632Z",
        "dateUpdated": "2025-10-29T17:37:32.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }