Stack-based Buffer Overflow in Johnson Controls iSTAR Configuration Utility (ICU)...

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Description

Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the ICU tool.

Basic Information

ID CVE-2025-26386

Source jci

Published Jan 28, 2026 at 11:24

Modified Jan 28, 2026 at 11:29

Affected Product

Vendor Johnson Controls

Product iSTAR Configuration Utility (ICU)

Version iSTAR Configuration Utility (ICU) tool version 6.9.7 and prior

Affected Versions Johnson Controls iSTAR Configuration Utility (ICU) iSTAR Configuration Utility (ICU) tool version 6.9.7 and prior

CWE Classification

CWE-121

References

{
    "lastseen": "",
    "description": "Johnson Controls iSTAR Configuration Utility (ICU) has\u00a0Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the ICU tool.",
    "published": "2026-01-28T11:24:46.317Z",
    "modified": "2026-01-28T11:29:35.277Z",
    "type": "cve",
    "title": "Stack-based Buffer Overflow in Johnson Controls iSTAR Configuration Utility (ICU) tool",
    "source": "jci",
    "references": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-022-04",
    "id": "CVE-2025-26386",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121"
    ],
    "cvelist": null,
    "sourceData": "Johnson Controls iSTAR Configuration Utility (ICU) iSTAR Configuration Utility (ICU) tool version 6.9.7 and prior",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iSTAR Configuration Utility (ICU)",
    "version": "iSTAR Configuration Utility (ICU) tool version 6.9.7 and prior",
    "vendor": "Johnson Controls",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Stack-based Buffer Overflow in Johnson Controls iSTAR Configuration Utility (ICU) tool_CVE-2025-26386