CRITICAL🇵🇱 Wersja polska

CVE-2025-12425

CVSS 10.0v4.0pub. 2025-10-28upd. 2025-11-07

Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

🤖 AI Analysis
How it works

The vulnerability consists of improper privilege handling in the firmware of BLU-IC2 and BLU-IC4 devices in versions up to and including 1.19.5. An attacker with local access to the device can exploit this vulnerability to obtain higher system privileges than those to which they are entitled. The detailed mechanism has not been disclosed in the manufacturer's description, however, classification as CWE-269 suggests improper control of privilege granting or delegation.

Impact

Successful exploitation of this vulnerability allows an attacker to gain full control of the device with elevated privileges, which may lead to data compromise, manipulation of device configuration, and potentially lateral movement within the network to which the device is connected.

Mitigation & patch

Security patches available from the manufacturer should be applied in accordance with references published at https://azure-access.com/security-advisories. Until firmware is updated, physical and local access to devices should be restricted exclusively to authorized personnel.

Who is affected

Azure-Access BLU-IC2 (firmware version up to and including 1.19.5) and Azure-Access BLU-IC4 (firmware version up to and including 1.19.5).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Azure Access Blu Ic2

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic2 Firmware

    OS
    Azure-Access
    < 1.20
  • Azure Access Blu Ic4

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic4 Firmware

    OS
    Azure-Access
    < 1.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2025-12600CRITICAL10.0PL ✓ten sam produkt

Krytyczna podatność Web UI w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12599CRITICAL10.0PL ✓ten sam produkt

Współdzielenie statycznych sekretów SDKSocket w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12601CRITICAL10.0PL ✓ten sam produkt

Podatność DoS (SlowLoris) w Azure-Access BLU-IC2 i BLU-IC4

CVE-2025-12553CRITICAL10.0PL ✓ten sam produkt

Wyłączona weryfikacja certyfikatu serwera e-mail w Azure-Access BLU-IC2/IC4

CVE-2025-12516CRITICAL10.0PL ✓ten sam produkt

Brak obsługi błędów HTTP 5xx w Azure-Access BLU-IC2 i BLU-IC4