CVE-2025-43873

Summary

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device.

Affected Software

VendorProductVersion RangeStatus
Johnson ControliSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G20 <= 6.9.3affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References