CRITICAL🇵🇱 Wersja polska

CVE-2025-12424

CVSS 10.0v4.0pub. 2025-10-28upd. 2025-11-07

Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

🤖 AI Analysis
How it works

The vulnerability involves improper privilege management (CWE-269) — specifically improper use of the SUID (Set User ID) bit on a system binary file. The SUID bit causes the program to execute with the permissions of the file owner (typically root) rather than the permissions of the user invoking it. An attacker with system access can exploit this binary file to obtain elevated privileges without requiring authentication as an administrator.

Impact

An attacker can obtain full administrative (root) privileges on the device, enabling complete system takeover, configuration modification, access to protected data, and potentially compromising the network to which the device is connected.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with references published at https://azure-access.com/security-advisories. Until the fix is implemented, it is recommended to restrict physical and network access to devices exclusively to trusted users and monitor attempts of unauthorized access.

Who is affected

Azure-Access BLU-IC2 in versions up to 1.19.5 (inclusive) and Azure-Access BLU-IC4 in versions up to 1.19.5 (inclusive), including corresponding firmware versions of these devices.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Azure Access Blu Ic2

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic2 Firmware

    OS
    Azure-Access
    < 1.20
  • Azure Access Blu Ic4

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic4 Firmware

    OS
    Azure-Access
    < 1.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2025-12600CRITICAL10.0PL ✓ten sam produkt

Krytyczna podatność Web UI w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12599CRITICAL10.0PL ✓ten sam produkt

Współdzielenie statycznych sekretów SDKSocket w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12601CRITICAL10.0PL ✓ten sam produkt

Podatność DoS (SlowLoris) w Azure-Access BLU-IC2 i BLU-IC4

CVE-2025-12553CRITICAL10.0PL ✓ten sam produkt

Wyłączona weryfikacja certyfikatu serwera e-mail w Azure-Access BLU-IC2/IC4

CVE-2025-12516CRITICAL10.0PL ✓ten sam produkt

Brak obsługi błędów HTTP 5xx w Azure-Access BLU-IC2 i BLU-IC4