CVE-2025-60534

CRITICAL

Blue Access Cobalt v02.000.195 - Auth Bypass

Title source: llm

Description

Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate credentials.

References (2)

[Broken Link] http://blue.com

[Third Party Advisory] https://github.com/PilotPatrickk/Published-CVEs/blob/main/CVE-2025-60534.md

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0011

EPSS Percentile 29.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-287

Status published

Affected Products (1)

blueaccesstech/cobalt_x1

Timeline

Published Jan 06, 2026

Tracked Since Feb 18, 2026