CVE-2025-53696_CVE-2025-53696

9.3 / 10

CRITICAL

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected.

Basic Information

ID CVE-2025-53696

Source Dragos

Published Jul 28, 2025 at 14:43

Modified Jul 28, 2025 at 17:57

Affected Product

Vendor Johnson Controls, Inc

Product iSTAR Ultra

Affected Versions Johnson Controls, Inc iSTAR Ultra 0

CWE Classification

CWE-494

References

raw.githubusercontent.com /reidmefirst/vuln-disclosure/refs/heads/main/2025-03.txt

{
    "lastseen": "",
    "description": "iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected.",
    "published": "2025-07-28T14:43:01.059Z",
    "modified": "2025-07-28T17:57:40.745Z",
    "type": "cve",
    "title": "CVE-2025-53696",
    "source": "Dragos",
    "references": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/refs/heads/main/2025-03.txt",
    "id": "CVE-2025-53696",
    "bulletinFamily": "",
    "cwe": [
        "CWE-494"
    ],
    "cvelist": null,
    "sourceData": "Johnson Controls, Inc iSTAR Ultra 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iSTAR Ultra",
    "version": "0",
    "vendor": "Johnson Controls, Inc",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}