CVE-2025-11925

Published: Oct 17, 2025Modified: Nov 7, 2025

10.0

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: a0340c66-c385-4f8b-991b-3d05f6fd5220 (Secondary)

Description

Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Affected (2)

Products: Azure Access: Blu Ic2 Firmware, Blu Ic4 Firmware

Azure Access

2 products

Blu Ic2 Firmware

Blu Ic4 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Azure Access Blu Ic2 Firmware	Before 1.20

Running on/with	Platform Versions
Azure Access Blu Ic2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Azure Access Blu Ic4 Firmware	Before 1.20

Running on/with	Platform Versions
Azure Access Blu Ic4	All versions

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (1)

https://azure-access.com/security-advisories

Source: a0340c66-c385-4f8b-991b-3d05f6fd5220

Vendor Advisory

Timeline

No history available yet.