CVE-2025-11925

EPSS 0.03%
Veröffentlicht 17.10.2025 19:56:14
Zuletzt bearbeitet 07.11.2025 17:14:51
Quelle a0340c66-c385-4f8b-991b-3d05f6
CVE-Watchlists
Login
Unerledigt
Login

Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Azure-access ≫ Blu-ic2 Firmware Version < 1.20

Azure-access ≫ Blu-ic2 Version-

Azure-access ≫ Blu-ic4 Firmware Version < 1.20

Azure-access ≫ Blu-ic4 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.055

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
a0340c66-c385-4f8b-991b-3d05f6fd5220	10	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://azure-access.com/security-advisories

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-11925

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-11925

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-11925

EUVD