CRITICAL🇵🇱 Wersja polska

CVE-2025-12275

CVSS 10.0v4.0pub. 2025-10-26upd. 2025-11-07

Mail Configuration File Manipulation + Command Execution.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

🤖 AI Analysis
How it works

The vulnerability results from insufficient input data validation (CWE-20) in the email configuration handling mechanism. An unauthorized remote attacker can deliver crafted data that leads to modification of the configuration file and subsequent execution of arbitrary system commands. The attack does not require authentication, user interaction, or specific environmental conditions.

Impact

An attacker can gain full control over the device, including its confidentiality, integrity, and availability, and the consequences may also extend to systems associated with the vulnerable device.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with references published at https://azure-access.com/security-advisories. Until firmware is updated, it is recommended to isolate devices from untrusted networks and restrict access to them using a firewall.

Who is affected

Azure-Access BLU-IC2 (firmware up to version 1.19.5 inclusive) and Azure-Access BLU-IC4 (firmware up to version 1.19.5 inclusive).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Azure Access Blu Ic2

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic2 Firmware

    OS
    Azure-Access
    < 1.20
  • Azure Access Blu Ic4

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic4 Firmware

    OS
    Azure-Access
    < 1.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-12600CRITICAL10.0PL ✓ten sam produkt

Krytyczna podatność Web UI w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12599CRITICAL10.0PL ✓ten sam produkt

Współdzielenie statycznych sekretów SDKSocket w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12601CRITICAL10.0PL ✓ten sam produkt

Podatność DoS (SlowLoris) w Azure-Access BLU-IC2 i BLU-IC4

CVE-2025-12553CRITICAL10.0PL ✓ten sam produkt

Wyłączona weryfikacja certyfikatu serwera e-mail w Azure-Access BLU-IC2/IC4

CVE-2025-12516CRITICAL10.0PL ✓ten sam produkt

Brak obsługi błędów HTTP 5xx w Azure-Access BLU-IC2 i BLU-IC4