CVE-2025-53696
9.3
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Johnson Controls, Inc | iSTAR Ultra | 0 <= 6.9.2 | affected |
Weaknesses
- CWE-494: CWE-494 Download of Code Without Integrity Check
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.