Johnson Controls Inc iSTAR Ultra vulnerabilities
2 known vulnerabilities affecting johnson_controls_inc/istar_ultra.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 2
Vulnerabilities
CVE-2025-53695 | P2 | CRITICAL | CVSS 9.4 | CWE-78 | ≤ 6.9.2 | 2025-07-28
OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware.
nvd
CVE-2025-53696 | P3 | CRITICAL | CVSS 9.3 | CWE-494 | ≤ 6.9.2 | 2025-07-28
iSTAR Ultra performs a firmware verification on boot; however, the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2; later firmware versions are also possibly affected.
nvd