CVE-2025-53696

Published: Jul 28, 2025

Modified: Aug 19, 2025

PUBLISHED

Description

iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected.

Vendor	Product	Versions
Johnson Controls, Inc	iSTAR Ultra	affected `0 - <= 6.9.2`

Weaknesses (CWE)

CWE-494

References

https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/refs/heads/main/2025-03.txt

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-53696

Description

Affected Products

Weaknesses (CWE)

References