CVE-2025-12031

Published: Oct 21, 2025

Modified: Oct 21, 2025

PUBLISHED

Description

HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Vendor	Product	Versions
Azure Access Technology	BLU-IC2	affected `0 - <= 1.19.5`
Azure Access Technology	BLU-IC4	affected `0 - <= 1.19.5`

Weaknesses (CWE)

CWE-1004

References

https://azure-access.com/security-advisories

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-12031

Description

Affected Products

Weaknesses (CWE)

References