Cyber Posture

CVE-2025-12275

Critical

Published: 26 October 2025
Modified: 07 November 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0013 (32.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-12275 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Azure-Access Blu-Ic2 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 32.8th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly counters CWE-20 improper input validation by requiring validation of inputs to the mail configuration file, preventing manipulation that enables arbitrary command execution.

prevent

Requires timely remediation of the specific flaw in BLU-IC2 and BLU-IC4 through version 1.19.5 via patching as outlined in the security advisory.

prevent

Enforces secure configuration settings for mail services to minimize exposure and restrict unauthorized manipulation of configuration files.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The vulnerability enables remote unauthenticated manipulation of mail configuration files for arbitrary command execution on network-accessible devices, directly facilitating exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Deeper analysis

CVE-2025-12275 is a vulnerability involving Mail Configuration File Manipulation that enables Command Execution. It affects BLU-IC2 versions through 1.19.5 and BLU-IC4 versions through 1.19.5. The issue is associated with CWE-20 (Improper Input Validation) and has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with network vector, low attack complexity, no privileges or user interaction required, and high impacts across confidentiality, integrity, and availability.

A remote, unauthenticated attacker can exploit this vulnerability over the network by manipulating the mail configuration file, leading to arbitrary command execution on the affected device. Successful exploitation grants high-level access, allowing full system compromise, data exfiltration, modification of critical files, or disruption of services.

Mitigation details and patches are outlined in the security advisory available at https://azure-access.com/security-advisories.

Details

CWE(s)

Affected Products

azure-access · blu-ic2 firmware · ≤ 1.20
azure-access · blu-ic4 firmware · ≤ 1.20

CVEs Like This One

CVE-2025-12104 (Same product: Azure-Access Blu-Ic2)
CVE-2025-12422 (Same product: Azure-Access Blu-Ic2)
CVE-2025-12285 (Same product: Azure-Access Blu-Ic2)
CVE-2026-20856 (Shared CWE-20)
CVE-2025-1736 (Shared CWE-20)
CVE-2025-67484 (Shared CWE-20)
CVE-2026-2880 (Shared CWE-20)
CVE-2025-1514 (Shared CWE-20)
CVE-2025-20393 (Shared CWE-20)
CVE-2025-59228 (Shared CWE-20)
