CVE-2025-12114

EPSS 0.1%
Veröffentlicht 23.10.2025 15:29:13
Zuletzt bearbeitet 10.11.2025 15:08:27
Quelle a0340c66-c385-4f8b-991b-3d05f6
CVE-Watchlists
Login
Unerledigt
Login

Serial Console Enabled

Enabled serial console could potentially leak information that might help attacker to find vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Azure-access ≫ Blu-ic2 Firmware Version < 1.20

Azure-access ≫ Blu-ic2

Azure-access ≫ Blu-ic4 Firmware Version < 1.20

Azure-access ≫ Blu-ic4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.009

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
a0340c66-c385-4f8b-991b-3d05f6fd5220	5.2	0	0	CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-1191 On-Chip Debug and Test Interface With Improper Access Control

The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.

https://azure-access.com/security-advisories

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-12114

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-12114

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-12114

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-12114