PT-2025-42917 · Blu-Ic2+1 · Blu-Ic2+1

Alexi Bitsios

Published

2025-10-21

Updated

2025-11-07

CVE-2025-12031

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions BLU-IC2 versions through 1.19.5 BLU-IC4 versions through 1.19.5

Description A security misconfiguration exists due to the absence of the Secure and HTTPOnly attributes, potentially allowing sensitive cookies to be read from the JavaScript context.

Recommendations Ensure the Secure and HTTPOnly attributes are implemented for all cookies in BLU-IC2 versions through 1.19.5. Ensure the Secure and HTTPOnly attributes are implemented for all cookies in BLU-IC4 versions through 1.19.5.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1004

Related Identifiers

CVE-2025-12031

Affected Products

Blu-Ic2

Blu-Ic4

PT-2025-42917 · Blu-Ic2+1 · Blu-Ic2+1

CVE-2025-12031

Weakness Enumeration

Related Identifiers

Affected Products

References · 5