CVE-2025-12275
Mail Configuration File Manipulation + Command Execution
In short
A critical flaw allows attackers to manipulate mail configuration files and execute arbitrary commands on BLU-IC2 and BLU-IC4 devices (versions through 1.19.5). This can give attackers complete control over the affected system.
Technical detail
Improper input validation (CWE-20) permits unauthorized modification of mail configuration files, leading to remote command execution. The vulnerability affects BLU-IC2 and BLU-IC4 through version 1.19.5; successful exploitation grants unauthenticated or low-privileged attackers arbitrary code execution with system-level privileges.
Summary generated and translated by AI from the official description.
Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H