CVE-2025-12425 CRITICAL

CVE-2025-12425: Local Privilege Escalation

Vendor Azure Access Technology

Product BLU-IC2

Weakness CWE-269

Published October 28, 2025

Last update October 28, 2025

CVSS base score

10.0/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

Key dates

October 28, 2025 CVE published

October 28, 2025 Record updated

External resources

Related vulnerabilities

CVE CVE-2025-12425

CWE CWE-269

CVSS 10.0 / CRITICAL

Vendor Azure Access Technology

Product BLU-IC2

Affected ≤ 1.19.5

Vendor Azure Access Technology

Product BLU-IC4

Affected ≤ 1.19.5