How severe is CVE-2025-12031?

CVE-2025-12031 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2025-12031

5.3MEDIUM

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1

Publicado: 10/21/2025Atualizado: 11/7/2025

Descrição

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Análise IADesenvolvido por IA

Produtos Afetados

azure-accessblu-ic2_firmware

azure-accessblu-ic2

azure-accessblu-ic4_firmware

azure-accessblu-ic4

Referências

https://azure-access.com/security-advisories
Vendor Advisory