CVE-2025-12364

Weak Password Policy

CVSS 10 CRITICALEPSS 0.3%CWE-521

In short

The BLU-IC2 and BLU-IC4 systems through version 1.19.5 allow users to set weak passwords that are easily guessed or cracked, making accounts vulnerable to unauthorized access.

Technical detail

CWE-521 weak password policy permits attackers to perform dictionary and brute-force attacks against user accounts with minimal computational effort; no additional authentication factors or rate-limiting mechanisms are documented, enabling rapid credential compromise in affected versions.

Summary generated and translated by AI from the official description.

Weak Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected products

Azure Access Technology · BLU-IC2 Azure Access Technology · BLU-IC4

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://azure-access.com/security-advisories