CVE-2025-11925

Published: Oct 17, 2025

Modified: Oct 17, 2025

PUBLISHED

Description

Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Vendor	Product	Versions
Azure Access Technology	BLU-IC2	affected `0 - <= 1.19.5`
Azure Access Technology	BLU-IC4	affected `0 - <= 1.19.5`

Weaknesses (CWE)

CWE-754

References

https://azure-access.com/security-advisories

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-11925

Description

Affected Products

Weaknesses (CWE)

References