PT-2025-44004 · Azure Access Tech · Blu-Ic2+1

Alexi Bitsios

Published

2025-10-27

Updated

2025-11-24

CVE-2025-12363

CVSS v4.0

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions BLU-IC2 versions through 1.19.5 BLU-IC4 versions through 1.19.5

Description The software allows for the disclosure of email passwords. The issue affects Azure Access Tech BLU-IC2 and BLU-IC4. It is recommended to restrict access and enable multi-factor authentication, and to monitor logs for misuse.

Recommendations Restrict access to BLU-IC2 versions through 1.19.5. Enable multi-factor authentication for BLU-IC2 versions through 1.19.5. Monitor logs for misuse on BLU-IC2 versions through 1.19.5. Restrict access to BLU-IC4 versions through 1.19.5. Enable multi-factor authentication for BLU-IC4 versions through 1.19.5. Monitor logs for misuse on BLU-IC4 versions through 1.19.5.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2025-12363

Affected Products

Blu-Ic2

Blu-Ic4

PT-2025-44004 · Azure Access Tech · Blu-Ic2+1

CVE-2025-12363

Weakness Enumeration

Related Identifiers

Affected Products

References · 5