PT-2025-42822 · Blu-Ic2+1 · Blu-Ic2+1

Alexi Bitsios

Published

2025-10-20

Updated

2025-11-07

CVE-2025-12001

CVSS v4.0

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions BLU-IC2 versions through 1.19.5 BLU-IC4 versions through 1.19.5

Description A lack of application manifest sanitation can lead to potential stored cross-site scripting (XSS). This allows for remote code execution with no user interaction. The issue involves a manifest sanitization bypass, creating a perfect-score stored XSS.

Recommendations Update BLU-IC2 to a version later than 1.19.5. Update BLU-IC4 to a version later than 1.19.5.

Fix

XSS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-20

Related Identifiers

CVE-2025-12001

Affected Products

Blu-Ic2

Blu-Ic4

PT-2025-42822 · Blu-Ic2+1 · Blu-Ic2+1

CVE-2025-12001

Weakness Enumeration

Related Identifiers

Affected Products

References · 10