Arbitrary Write Vulnerability in BLU-IC2 and BLU-IC4 by Vendor
CVE-2025-12602

2.3LOW

Key Information:

Vendor: Azure Access Technology
Status: Blu-ic2; Blu-ic4
Vendor: CVE Published:; 1 November 2025

🔔 Create Azure Access Technology Vulnerability Alert

What is CVE-2025-12602?

The BLU-IC2 and BLU-IC4 products may be susceptible to an arbitrary write vulnerability due to improper handling of the /etc/avahi/services/z9.service file. This flaw could allow an attacker to manipulate the service configurations, potentially leading to unauthorized access or system instability. Versions prior to 1.19.5 are particularly affected, highlighting the urgency for users to implement patches or upgrades from the vendor.

Affected Version(s)

BLU-IC2 0 <= 1.19.5

BLU-IC4 0 <= 1.19.5

References

https://azure-access.com/security-advisories

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 1, 2025
Vulnerability Reserved
Nov 1, 2025

Credit

Kevin Schaller

Benjamin Lafois

Alexi Bitsios

Sebastian Toscano

Dominik Schneider

JSON