← back
CVE-2025-12515

Systemic Internal Server Errors - HTTP 500 Response

CVSS 10 CRITICALEPSS 0.3%CWE-394
In short

A critical flaw causes the BLU-IC2 and BLU-IC4 systems (versions up to 1.19.5) to repeatedly crash with internal server errors (HTTP 500), making them completely unavailable. This prevents legitimate users from accessing the service at all.

Technical detail

A systemic exception handling failure in BLU-IC2 and BLU-IC4 up to 1.19.5 triggers persistent HTTP 500 errors on routine requests, resulting in denial of service. The vulnerability stems from improper error handling (CWE-394) that crashes the application without graceful recovery, affecting availability with no authentication requirement.

Summary generated and translated by AI from the official description.
Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
Azure Access Technology · BLU-IC2Azure Access Technology · BLU-IC4

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://azure-access.com/security-advisories