How to fix CVE-2025-60534?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Audit authentication configurations and rotate any potentially compromised credentials.

Is Cobalt X1 affected by CVE-2025-60534?

CVE-2025-60534 presents critical security risk, a improper authentication vulnerability rated CVSS 9.8. Attackers could bypass security controls to gain unauthorized access to protected resources and sensitive data.

CVE-2025-60534

CRITICAL

2026-01-06 [email protected]

Authentication Bypass Cobalt X1

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 06, 2026 - 17:15 nvd

CRITICAL 9.8

DescriptionNVD

Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate credentials.

AnalysisAI

Blue Access Cobalt v02.000.195 has an authentication bypass through selective request proxying. Attackers can manipulate proxy behavior to access web application functions without legitimate credentials.

Technical ContextAI

The application's proxy mechanism can be manipulated (CWE-287) to forward requests to backend services without requiring authentication. By crafting requests that bypass the authentication proxy layer, attackers can access any application function directly.

RemediationAI

Update to a patched version. Ensure authentication is enforced at the application level, not just the proxy level.

CVE-2025-60534 vulnerability details – vuln.today

Back

CVE-2025-60534

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code