1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Johnson Controls Inc.
- Equipment: iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2
- Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in unauthorized access to the device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Johnson Controls reports the following products are affected:
- iSTAR Ultra: Versions prior to 6.9.7.CU01
- iSTAR Ultra SE: Versions prior to 6.9.7.CU01
- iSTAR Ultra G2: Versions prior to 6.9.3
- iSTAR Ultra G2 SE: Versions prior to 6.9.3
- iSTAR Edge G2: Versions prior to 6.9.3
3.2 VULNERABILITY OVERVIEW
3.2.1 Improper Neutralization of Special Elements used in an OS Command CWE-78
Under certain circumstances, successful exploitation of this vulnerability could result in unauthorized access to the device.
CVE-2025-43875 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-43875. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).