Cyber Resilience

CVE-2025-12422

Critical

Published: 28 October 2025

Modified: 07 November 2025
KEV Added
Patch
CVSS v4 Score: 10.0 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0014 (33.7th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-12422 is a critical-severity Path Traversal (CWE-22) vulnerability in Azure-Access Blu-Ic2 Firmware. Its CVSS v4 base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 33.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-12422, published on 2025-10-28, is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) stemming from a vulnerable upgrade feature that enables arbitrary file write (CWE-22). This flaw affects BLU-IC2 devices through version 1.19.5 and BLU-IC4 devices through version 1.19.5, potentially allowing attackers to obtain super user permissions on the board.

The vulnerability can be exploited by unauthenticated remote attackers, with low attack complexity and no user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, culminating in full super user privileges on the affected device.

Mitigation details are available in the security advisory at https://azure-access.com/security-advisories.

Vulnerability details

Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability allows unauthenticated remote exploitation of a public-facing upgrade feature (arbitrary file write) to gain super user privileges, directly mapping to T1190 (Exploit Public-Facing Application) for initial access and T1068 (Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-12275 · Same product: Azure-Access Blu-Ic2
CVE-2025-12104 · Same product: Azure-Access Blu-Ic2
CVE-2025-12285 · Same product: Azure-Access Blu-Ic2
CVE-2025-62630 · Shared CWE-22
CVE-2025-60786 · Shared CWE-22
CVE-2025-27590 · Shared CWE-22
CVE-2026-42520 · Shared CWE-22
CVE-2026-32727 · Shared CWE-22
CVE-2026-40258 · Shared CWE-22
CVE-2025-41757 · Shared CWE-22

Affected Assets

azure-access · blu-ic2 firmware · ≤ 1.20
azure-access · blu-ic4 firmware · ≤ 1.20

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the specific flaw in the vulnerable upgrade feature by requiring timely patching to versions beyond 1.19.5.

prevent

Prevents arbitrary file writes via path traversal by validating and sanitizing inputs to the upgrade feature.

prevent

Limits damage from successful arbitrary file writes by ensuring the upgrade process runs with least privilege, insufficient for super user access.
