Buffer Overflow Vulnerability in iSTAR Configuration Utility by Johnson Controls
CVE-2025-26382
9.3CRITICAL
Summary
The iSTAR Configuration Utility from Johnson Controls is susceptible to a buffer overflow vulnerability under specific conditions, potentially allowing attackers to execute arbitrary code or disrupt the system's performance. This vulnerability poses a serious risk, particularly in environments where the integrity and availability of systems are critical.
Affected Version(s)
iSTAR Configuration Utility (ICU) 0
References
CVSS V4
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Reid Wightman