CVE-2025-61739

Summary

Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets.

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsIQ Panels2, 2+, IQHub, IQPanel 4, PowerGIQPanel2 <= 2affected
Johnson ControlsIQ Panels2, 2+, IQHub, IQPanel 4, PowerGIQ Panels 2+ <= 2+affected
Johnson ControlsIQ Panels2, 2+, IQHub, IQPanel 4, PowerGIQHubaffected
Johnson ControlsIQ Panels2, 2+, IQHub, IQPanel 4, PowerGIQPanel 4 <= 4.6.0affected

Weaknesses

  • CWE-323: CWE-323 Reusing a Nonce, Key pair in encryption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References