CVE-2025-60534

CRITICAL

Blue Access Cobalt v02.000.195 - Auth Bypass

Title source: llm

Description

Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate credentials.

References (2)

[Broken Link] http://blue.com

[Third Party Advisory] https://github.com/PilotPatrickk/Published-CVEs/blob/main/CVE-2025-60534.md

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0012

EPSS Percentile 30.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-287

Status published

Products (1)

blueaccesstech/cobalt_x1 02.000.195

Published Jan 06, 2026

Tracked Since Feb 18, 2026