Secret Sharing Vulnerability in BLU-IC2 and BLU-IC4 Products
CVE-2025-12599

10CRITICAL

Key Information:

Vendor: Azure Access Technology
Status: Blu-ic2; Blu-ic4
Vendor: CVE Published:; 1 November 2025

🔔 Create Azure Access Technology Vulnerability Alert

What is CVE-2025-12599?

A serious security issue has been identified in the BLU-IC2 and BLU-IC4 products, where multiple devices inadvertently share the same secrets for SDKSocket, potentially exposing sensitive data. This vulnerability affects all versions of these products up to and including 1.19.5, posing risks of unauthorized access and information leakage. Users are highly advised to review their configurations and update to the latest secure versions to mitigate this risk.

Affected Version(s)

BLU-IC2 0 <= 1.19.5

BLU-IC4 0 <= 1.19.5

References

https://azure-access.com/security-advisories

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 1, 2025
Vulnerability Reserved
Nov 1, 2025

Credit

Kevin Schaller

Benjamin Lafois

Alexi Bitsios

Sebastian Toscano

Dominik Schneider

JSON