{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2025-53696", "assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef", "state": "PUBLISHED", "assignerShortName": "Dragos", "dateReserved": "2025-07-08T14:48:42.604Z", "datePublished": "2025-07-28T14:43:01.059Z", "dateUpdated": "2025-08-19T14:43:13.549Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Linux"], "product": "iSTAR Ultra", "vendor": "Johnson Controls, Inc", "versions": [{"lessThanOrEqual": "6.9.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected.<br>"}], "value": "iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected."}], "impacts": [{"capecId": "CAPEC-638", "descriptions": [{"lang": "en", "value": "CAPEC-638 Altered Component Firmware"}]}, {"capecId": "CAPEC-452", "descriptions": [{"lang": "en", "value": "CAPEC-452 Infected Hardware"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-494", "description": "CWE-494 Download of Code Without Integrity Check", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef", "shortName": "Dragos", "dateUpdated": "2025-08-19T14:43:13.549Z"}, "references": [{"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/refs/heads/main/2025-03.txt"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-28T15:25:02.419648Z", "id": "CVE-2025-53696", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T17:57:40.745Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53696", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-28T15:25:02.419648Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T15:25:04.049Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-638", "descriptions": [{"lang": "en", "value": "CAPEC-638 Altered Component Firmware"}]}, {"capecId": "CAPEC-452", "descriptions": [{"lang": "en", "value": "CAPEC-452 Infected Hardware"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Johnson Controls, Inc", "product": "iSTAR Ultra", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "6.9.2"}], "platforms": ["Linux"], "defaultStatus": "unknown"}], "references": [{"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/refs/heads/main/2025-03.txt"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected.", "supportingMedia": [{"type": "text/html", "value": "iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-494", "description": "CWE-494 Download of Code Without Integrity Check"}]}], "providerMetadata": {"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef", "shortName": "Dragos", "dateUpdated": "2025-08-19T14:43:13.549Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53696", "state": "PUBLISHED", "dateUpdated": "2025-08-19T14:43:13.549Z", "dateReserved": "2025-07-08T14:48:42.604Z", "assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef", "datePublished": "2025-07-28T14:43:01.059Z", "assignerShortName": "Dragos"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected."}, {"lang": "es", "value": "iSTAR Ultra realiza una verificaci\u00f3n de firmware al arrancar; sin embargo, esta verificaci\u00f3n no inspecciona ciertas partes del firmware. Estas partes podr\u00edan contener c\u00f3digo malicioso. Se prob\u00f3 hasta la versi\u00f3n 6.9.2; las versiones posteriores tambi\u00e9n podr\u00edan verse afectadas."}], "id": "CVE-2025-53696", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ot-cert@dragos.com", "type": "Secondary"}]}, "published": "2025-07-28T15:15:26.670", "references": [{"source": "ot-cert@dragos.com", "url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/refs/heads/main/2025-03.txt"}], "sourceIdentifier": "ot-cert@dragos.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-494"}], "source": "ot-cert@dragos.com", "type": "Secondary"}]}

{}

{"created": "2025-07-29T10:01:00.743799+00:00", "updated": "2025-07-29T10:01:00.743853+00:00", "vendors": ["johnsoncontrols", "johnsoncontrols$PRODUCT$istar_ultra"]}