CVE-2025-53695
Published: 2025-07-28
Priority: P2 (60) · Critical · 9.4 (CVSS 4.0)
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H (threat, environmental and supplemental metrics all X, not defined)
EPSS: 0.90% (percentile 55.2)
OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware.
Affected: 1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| johnson_controls_inc | istar_ultra | <= 6.9.2 | — |
GHSA
GHSA-g6w7-rgjj-7r73 · ghsa_unreviewed · 2025-07-28 · CRITICAL · CWE-78
OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware.
CISA ICS
Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 (Update A) · cisa_ics · 2025-12-16 · CVSS 9.4 · CRITICAL
ICS Advisory
## Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 (Update A)
Last revised: December 16, 2025
Alert code: ICSA-25-224-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Successful exploitation of these vulnerabilities may allow an attacker to modify firmware and access the space that is protected by the device.
The following versions of Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 (Update A) are affected:
- iSTAR Ultra (CVE-2025-53695, CVE-2025-53696, CVE-2025-53697, CVE-2025-53700)
- iSTAR Ultra SE (CVE-2025-53695, CVE-2025-53696, CVE-2025-53697, CVE-2025-53700)
- iSTAR Ultra G2 (CVE-2025-536
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.