CVE-2025-61740

Summary

Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device.

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsIQ Panels2, 2+, IQHub, IQPanel 4, PowerGIQ Panels2 <= 2affected
Johnson ControlsIQ Panels2, 2+, IQHub, IQPanel 4, PowerGIQ Panels2+ <= 2+affected
Johnson ControlsIQ Panels2, 2+, IQHub, IQPanel 4, PowerGIQHubaffected
Johnson ControlsIQ Panels2, 2+, IQHub, IQPanel 4, PowerGIQPanel 4 <= 4.6.0affected
Johnson ControlsIQ Panels2, 2+, IQHub, IQPanel 4, PowerGPowerG <= 53.02affected

Weaknesses

  • CWE-346: CWE-346 Origin Validation Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References