Details of VAR-202510-2770

ID

VAR-202510-2770

CVE

CVE-2025-12216

TITLE

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial-of-Service Vulnerabilities (CNVD-2025-29089)

Trust: 0.6

sources: CNVD: CNVD-2025-29089

DESCRIPTION

Malicious / Malformed App can be Installed but not Uninstalled/may lead to unavailability.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both network access controllers from Azure Access Technology, Inc., a US-based company. Both Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 contain a denial-of-service vulnerability. This vulnerability stems from the fact that malicious or malformed applications can be installed but not uninstalled, allowing attackers to exploit this vulnerability to render the service unavailable

Trust: 1.44

sources: NVD: CVE-2025-12216 // CNVD: CNVD-2025-29089

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-29089

AFFECTED PRODUCTS

vendor:	azure access	model:	blu-ic2	scope:	lt	version:	1.20	Trust: 1.0
vendor:	azure access	model:	blu-ic4	scope:	lt	version:	1.20	Trust: 1.0
vendor:	azure	model:	access technology blu-ic2	scope:	lte	version:	<=1.19.5	Trust: 0.6
vendor:	azure	model:	access technology blu-ic4	scope:	lte	version:	<=1.19.5	Trust: 0.6

sources: CNVD: CNVD-2025-29089 // NVD: CVE-2025-12216

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-12216
value:	MEDIUM
Trust: 1.0
a0340c66-c385-4f8b-991b-3d05f6fd5220:	CVE-2025-12216
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2025-29089
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-29089
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2025-12216
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-29089 // NVD: CVE-2025-12216 // NVD: CVE-2025-12216

PROBLEMTYPE DATA

problemtype:

CWE-1301

Trust: 1.0

sources: NVD: CVE-2025-12216

EXTERNAL IDS

db:	NVD	id:	CVE-2025-12216	Trust: 1.6
db:	CNVD	id:	CNVD-2025-29089	Trust: 0.6

sources: CNVD: CNVD-2025-29089 // NVD: CVE-2025-12216

REFERENCES

url:	https://azure-access.com/security-advisories	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-12216	Trust: 0.6

sources: CNVD: CNVD-2025-29089 // NVD: CVE-2025-12216

SOURCES

db:	CNVD	id:	CNVD-2025-29089
db:	NVD	id:	CVE-2025-12216

LAST UPDATE DATE

2025-11-23T23:41:28.189000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-29089	date:	2025-11-20T00:00:00
db:	NVD	id:	CVE-2025-12216	date:	2025-11-10T15:04:53.567

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-29089	date:	2025-11-20T00:00:00
db:	NVD	id:	CVE-2025-12216	date:	2025-10-25T16:15:39.277