CVE-2025-60534
Published: 06 January 2026
Summary
CVE-2025-60534 is a critical-severity Improper Authentication (CWE-287) vulnerability in Blueaccesstech Cobalt X1. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 33.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AC-14 (Permitted Actions Without Identification or Authentication): explicitly identifies and authorizes only the specific actions that may be performed without identification or authentication, so that a request routed around the login step cannot reach any other web application functionality.
AC-3 (Access Enforcement): enforces approved authorizations for every access to system resources, directly countering the bypass by ensuring that logical access control is applied on the application side rather than assumed from the request path.
IA-8 (Identification and Authentication (Non-Organizational Users)): requires identification and authentication of non-organizational users, mitigating remote unauthenticated exploitation of the web application via proxied requests.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-60534 enables unauthenticated attackers to bypass authentication on a public-facing web application by proxying requests, directly facilitating T1190: Exploit Public-Facing Application.
NVD Description
Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate credentials.
Deeper analysis
CVE-2025-60534 is an authentication bypass vulnerability in Blue Access Cobalt v02.000.195. The issue allows an attacker to selectively proxy requests to operate functionality on the associated web application without authenticating using legitimate credentials. It is classified under CWE-287 (Improper Authentication) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and high impacts across confidentiality, integrity, and availability.
An unauthenticated attacker with network access can exploit this vulnerability remotely, without privileges or user interaction. By selectively proxying requests, the attacker bypasses the authentication check and invokes application functionality that should be reachable only by an authenticated user, potentially gaining full unauthorized control over the affected operations.
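The pattern behind this class of bypass, and the controls listed under Mitigating Controls above, can be shown in a small backend model. The following is an added illustration, not Blue Access Cobalt code and not a description of how CVE-2025-60534 is actually triggered: `weak_backend` trusts a role header that it assumes a front-end proxy has set after authenticating, so any request that reaches it with that header is served; `hardened_backend` keeps an explicit allowlist of unauthenticated actions (AC-14), verifies a server-issued session token on every other request (IA-8), and checks the caller's role against a per-action table (AC-3). The header name, token format, paths and roles are all assumptions chosen for the demo.

```python
"""Illustrative authentication-bypass pattern and its hardened form.
Constructed example; not code from the affected product."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Assumed per-deployment server secret used to sign session tokens.
SESSION_KEY = secrets.token_bytes(32)

# AC-14: the only actions permitted without identification or authentication.
UNAUTHENTICATED_ACTIONS = {"/login", "/health"}

# AC-3: the roles allowed to invoke each protected action (assumed for the demo).
ACTION_ROLES = {
    "/admin/users": {"admin"},
    "/report": {"admin", "operator"},
}


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)


def issue_token(user: str, role: str) -> str:
    """Server-issued session token of the form user|role|HMAC-SHA256."""
    body = f"{user}|{role}"
    mac = hmac.new(SESSION_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def verify_token(token: Optional[str]) -> Optional[Tuple[str, str]]:
    """Return (user, role) if the token carries a valid MAC, else None."""
    if not token or token.count("|") != 2:
        return None
    user, role, mac = token.split("|")
    expected = hmac.new(SESSION_KEY, f"{user}|{role}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return user, role


def weak_backend(req: Request) -> int:
    """Weak: assumes a front-end proxy authenticated the caller and trusts the
    role header it is supposed to set. Any request that arrives with the header
    (sent directly, or relayed around the proxy's login step) is served."""
    if req.path in UNAUTHENTICATED_ACTIONS:
        return 200
    if req.headers.get("X-Authenticated-Role"):
        return 200
    return 401


def hardened_backend(req: Request) -> int:
    """Hardened: the backend authenticates and authorizes every request itself;
    upstream proxies are transport, not a security boundary."""
    if req.path in UNAUTHENTICATED_ACTIONS:
        return 200
    principal = verify_token(req.headers.get("Authorization"))
    if principal is None:
        return 401                      # IA-8: unauthenticated callers are refused
    allowed = ACTION_ROLES.get(req.path)
    if allowed is None or principal[1] not in allowed:
        return 403                      # AC-3: authenticated but not authorized
    return 200


if __name__ == "__main__":
    forged = Request("/admin/users", {"X-Authenticated-Role": "admin"})
    print("weak backend, forged header   :", weak_backend(forged))      # served
    print("hardened backend, same request:", hardened_backend(forged))  # refused
    legit = Request("/admin/users", {"Authorization": issue_token("alice", "admin")})
    print("hardened backend, valid token :", hardened_backend(legit))
```

The point of the hardened version is that no request path and no header can substitute for a credential the backend itself verifies; the proxy may add checks in front, but removing or selectively bypassing the proxy must not change what the backend allows.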
Advisories and additional details are referenced at http://blue.com and https://github.com/PilotPatrickk/Published-CVEs/blob/main/CVE-2025-60534.md, published on 2026-01-06.
Details
- CWE(s)