CVE-2025-60534
Published: 06 January 2026
Description
Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate credentials.
Mitigating Controls (NIST 800-53 r5)
Explicitly identifies and authorizes only specific actions performable without identification or authentication, preventing attackers from proxying requests to unauthorized web application functionality.
Enforces approved authorizations for access to system resources, directly countering the authentication bypass by ensuring logical access controls are comprehensively applied.
Requires identification and authentication for non-organizational users, mitigating remote unauthenticated exploitation of the web application via proxied requests.
Security Summary
CVE-2025-60534 is an authentication bypass vulnerability in Blue Access Cobalt v02.000.195. The issue allows an attacker to selectively proxy requests to operate functionality on the associated web application without authenticating using legitimate credentials. It is classified under CWE-287 (Improper Authentication) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and high impacts across confidentiality, integrity, and availability.
An unauthenticated attacker with network access can exploit this vulnerability remotely without privileges or user interaction. By proxying requests, the attacker bypasses authentication controls to execute arbitrary functionality on the web application, potentially achieving full unauthorized control over affected operations.
Advisories and additional details are referenced at http://blue.com and https://github.com/PilotPatrickk/Published-CVEs/blob/main/CVE-2025-60534.md, published on 2026-01-06.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-60534 enables unauthenticated attackers to bypass authentication on a public-facing web application by proxying requests, directly facilitating T1190: Exploit Public-Facing Application.