Unrated severityNVD Advisory· Published Oct 17, 2025· Updated Oct 17, 2025

Incorrect Content-Type Header

CVE-2025-11925

Description

Incorrect Content-Type header in one of the APIs (text/html instead of application/json) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Affected products

Azure Access Technology/Blu Ic4v5
Range: 0
Azure Access Technology/Blu Ic2v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

azure-access.com/security-advisoriesmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000