CVE-2025-11832
APIs Lack Rate Limiting
In short
The Azure Access Technology BLU-IC2 and BLU-IC4 devices don't limit how many requests an attacker can send to their APIs, allowing someone to flood them with traffic and make them unavailable.
Technical detail
Azure Access Technology BLU-IC2 and BLU-IC4 (versions up to 1.19.5) lack rate limiting on their APIs (CWE-770). This enables resource exhaustion attacks via uncontrolled request flooding, with no authentication or prior access required, resulting in denial of service.
Summary generated and translated by AI from the official description.
Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H