CVE 8.7 HIGH

iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 – Authenticated web application command injection – get8021xSettings_CVE-2025-43876

December 24, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Under certain circumstances a successful exploitation could result in access to the device.

AI Analysis

Authenticated web application command injection vulnerability in iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 devices, allowing access to the device under certain circumstances.

Basic Information

ID CVE-2025-43876

Source jci

Published Dec 24, 2025 at 15:27

Modified Dec 24, 2025 at 16:20

Affected Product

Vendor Johnson Controls

Product iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2

Affected Versions Johnson Controls iSTAR Ultra, iSTAR Ultra SE 0
Johnson Controls iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 0

CWE Classification

CWE-78

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Johnson Controls

Product iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2

References

{
    "lastseen": "",
    "description": "Under certain circumstances a successful exploitation could result in access to the device.",
    "published": "2025-12-24T15:27:06.898Z",
    "modified": "2025-12-24T16:20:55.776Z",
    "type": "cve",
    "title": "iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - get8021xSettings",
    "source": "jci",
    "references": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-345-01",
    "id": "CVE-2025-43876",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Johnson Controls iSTAR Ultra, iSTAR Ultra SE 0\nJohnson Controls iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2",
    "version": "0",
    "vendor": "Johnson Controls",
    "ai_description": "Authenticated web application command injection vulnerability in iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 devices, allowing access to the device under certain circumstances.",
    "ai_severity": "High",
    "ai_vendor": "Johnson Controls",
    "ai_product": "iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2",
    "ai_version": "0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply