CVE-2025-12275
Published: 26 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-12275 is a vulnerability involving Mail Configuration File Manipulation that enables Command Execution. It affects BLU-IC2 versions through 1.19.5 and BLU-IC4 versions through 1.19.5. The issue is associated with CWE-20 (Improper Input Validation) and has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with network vector, low attack complexity, no privileges or user interaction required, and high impacts across confidentiality, integrity, and availability.
A remote, unauthenticated attacker can exploit this vulnerability over the network by manipulating the mail configuration file, leading to arbitrary command execution on the affected device. Successful exploitation grants high-level access, allowing full system compromise, data exfiltration, modification of critical files, or disruption of services.
Mitigation details and patches are outlined in the security advisory available at https://azure-access.com/security-advisories.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables remote unauthenticated manipulation of mail configuration files for arbitrary command execution on network-accessible devices, directly facilitating exploitation of public-facing applications.