Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-12217

Summary
Assigner-azure-access
Assigner Org ID-a0340c66-c385-4f8b-991b-3d05f6fd5220
Published At-25 Oct, 2025 | 15:39
Updated At-28 Oct, 2025 | 14:15
Rejected At-
Credits

SNMP Default Community String (public)

SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:azure-access
Assigner Org ID:a0340c66-c385-4f8b-991b-3d05f6fd5220
Published At:25 Oct, 2025 | 15:39
Updated At:28 Oct, 2025 | 14:15
Rejected At:
â–¼CVE Numbering Authority (CNA)
SNMP Default Community String (public)

SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Affected Products
Vendor
Azure Access Technology
Product
BLU-IC2
Default Status
unaffected
Versions
Affected
  • From 0 through 1.19.5 (semver)
Vendor
Azure Access Technology
Product
BLU-IC4
Default Status
unaffected
Versions
Affected
  • From 0 through 1.19.5 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-1392CWE-1392: Use of Default Credentials
Type: CWE
CWE ID: CWE-1392
Description: CWE-1392: Use of Default Credentials
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-114CAPEC-114 Authentication Abuse
CAPEC ID: CAPEC-114
Description: CAPEC-114 Authentication Abuse
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Kevin Schaller
finder
Benjamin Lafois
finder
Alexi Bitsios
finder
Sebastian Toscano
finder
Dominik Schneider
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://azure-access.com/security-advisories
N/A
Hyperlink: https://azure-access.com/security-advisories
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:a0340c66-c385-4f8b-991b-3d05f6fd5220
Published At:25 Oct, 2025 | 16:15
Updated At:10 Nov, 2025 | 15:03

SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
azure-access
azure-access
>>blu-ic2_firmware>>Versions before 1.20(exclusive)
cpe:2.3:o:azure-access:blu-ic2_firmware:*:*:*:*:*:*:*:*
azure-access
azure-access
>>blu-ic2>>*
cpe:2.3:h:azure-access:blu-ic2:*:*:*:*:*:*:*:*
azure-access
azure-access
>>blu-ic4_firmware>>Versions before 1.20(exclusive)
cpe:2.3:o:azure-access:blu-ic4_firmware:*:*:*:*:*:*:*:*
azure-access
azure-access
>>blu-ic4>>*
cpe:2.3:h:azure-access:blu-ic4:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1392Secondarya0340c66-c385-4f8b-991b-3d05f6fd5220
CWE ID: CWE-1392
Type: Secondary
Source: a0340c66-c385-4f8b-991b-3d05f6fd5220
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://azure-access.com/security-advisoriesa0340c66-c385-4f8b-991b-3d05f6fd5220
Vendor Advisory
Hyperlink: https://azure-access.com/security-advisories
Source: a0340c66-c385-4f8b-991b-3d05f6fd5220
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2025-12218
Matching Score-10
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-10
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-10||CRITICAL
EPSS-0.06% / 17.85%
||
7 Day CHG+0.01%
Published-25 Oct, 2025 | 15:47
Updated-10 Nov, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak Default Credentials

Weak Default Credentials.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-1392
Use of Default Credentials
CVE-2025-12284
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 29.58%
||
7 Day CHG+0.03%
Published-26 Oct, 2025 | 16:21
Updated-10 Nov, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lack of Input Validation

Lack of Input Validation in the web UI might lead to potential exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-12278
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-6.9||MEDIUM
EPSS-0.10% / 28.41%
||
7 Day CHG+0.02%
Published-26 Oct, 2025 | 16:14
Updated-10 Nov, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Logout Functionality not Working

Logout Functionality not Working.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2025-12552
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 24.60%
||
7 Day CHG+0.02%
Published-31 Oct, 2025 | 15:43
Updated-10 Nov, 2025 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient Password Policy

Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-521
Weak Password Requirements
CVE-2025-12554
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 30.28%
||
7 Day CHG+0.03%
Published-31 Oct, 2025 | 15:52
Updated-10 Nov, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Security Headers

Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-12365
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
ShareView Details
Matching Score-8
Assigner-a0340c66-c385-4f8b-991b-3d05f6fd5220
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 16.41%
||
7 Day CHG+0.01%
Published-27 Oct, 2025 | 18:12
Updated-10 Nov, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Error Messages Wrapped In HTTP Header

Error Messages Wrapped In HTTP Header.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Action-Not Available
Vendor-azure-accessAzure Access Technology
Product-blu-ic2blu-ic4_firmwareblu-ic2_firmwareblu-ic4BLU-IC2BLU-IC4
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2025-29629
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.03% / 7.35%
||
7 Day CHG-0.14%
Published-25 Jul, 2025 | 00:00
Updated-25 Feb, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits.

Action-Not Available
Vendor-Gardyn
Product-Home Kit Firmware
CWE ID-CWE-1392
Use of Default Credentials
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
Details not found