CVE-2025-53696
Published: 2025-07-28
Priority: P340 · Severity: critical 9.3 (CVSS 4.0)
CVSS 4.0 vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.10% (0.9th percentile)
iSTAR Ultra performs a firmware verification on boot; however, the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2; later firmware versions are also possibly affected.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| johnson_controls_inc | istar_ultra | <= 6.9.2 | — |
GHSA
GHSA-hrv9-xx4c-jm2g · ghsa_unreviewed · 2025-07-28 · CVE-2025-53696 [CRITICAL] · CWE-494
iSTAR Ultra performs a firmware verification on boot; however, the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2; later firmware versions are also possibly affected.
CISA ICS
[CRITICAL] Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 (Update A)
cisa_ics · 2025-12-16 · CVSS 9.4
ICS Advisory
## Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 (Update A)
Last Revised: December 16, 2025
Alert Code: ICSA-25-224-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Successful exploitation of these vulnerabilities may allow an attacker to modify firmware and access the space that is protected by the device.
The following versions of Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 (Update A) are affected:
- iSTAR Ultra (CVE-2025-53695, CVE-2025-53696, CVE-2025-53697, CVE-2025-53700)
- iSTAR Ultra SE (CVE-2025-53695, CVE-2025-53696, CVE-2025-53697, CVE-2025-53700)
- iSTAR Ultra G2 (CVE-2025-536
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.