Vulnerability Details CVE-2025-12031
HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.9%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2025-12031
-
cpe:2.3:h:azure-access:blu-ic2:*
-
cpe:2.3:h:azure-access:blu-ic4:*
-
cpe:2.3:o:azure-access:blu-ic2_firmware:*
-
cpe:2.3:o:azure-access:blu-ic4_firmware:*