CVE-2025-26381

Summary

Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information.

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsOpenBlue Workplace (formerly FM Systems)0 <= 2025.1.2affected

Weaknesses

  • CWE-425: CWE-425 Direct Request ('Forced Browsing')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References