CVE-2025-12285 CRITICAL

CVE-2025-12285: Missing Initial Password Change

Vendor Azure Access Technology

Product BLU-IC2

Weakness CWE-20 · Input validation

Published October 26, 2025

Last update October 28, 2025

CVSS base score

10.0/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Key dates

October 26, 2025 CVE published

October 28, 2025 Record updated

External resources

Related vulnerabilities

CVE CVE-2025-12285

CWE CWE-20

CVSS 10.0 / CRITICAL

Vendor Azure Access Technology

Product BLU-IC2

Affected ≤ 1.19.5

Vendor Azure Access Technology

Product BLU-IC4

Affected ≤ 1.19.5