CVE Details
Basic Information
| Title | CVE-2025-53696 |
|---|---|
| Type | cve |
| Published | 2025-07-28T14:43:01.059Z |
| Modified | 2025-07-28T14:43:01.059Z |
Product Information
| Vendor | Johnson Controls, Inc |
|---|---|
| Product | iSTAR Ultra |
| Version | 0 |
CVSS Information
| Base Score | 9.3 (CRITICAL) |
|---|---|
| Vector String | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
AI Analysis
| AI Description | The iSTAR Ultra device has a vulnerability where it doesn’t inspect certain firmware parts during boot, potentially allowing malicious code execution. Tested up to firmware 6.9.2, with later versions possibly affected. |
|---|---|
| AI Severity | Critical |
| AI Vendor | Johnson Controls, Inc |
| AI Product | iSTAR Ultra |
| AI Version | Versions up to 6.9.2, possibly including later versions |
Affected Products
- Johnson Controls, Inc iSTAR Ultra 0
Additional Information
| CWE List | CWE-494 |
|---|---|
| Source | Dragos |
Description
iSTAR Ultra performs a firmware verification on boot; however, the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2; later firmware versions are also possibly affected.