Communication Failure Vulnerability in Johnson Controls Products
CVE-2025-61736

7.1HIGH

Key Information:

Vendor: Johnson Controls
Status: Istarex, Istar Edge, Istar Ultra Lt, Istar Ultra , Istar Ultra Se
Vendor: CVE Published:; 17 December 2025

🔔 Create Johnson Controls Vulnerability Alert

What is CVE-2025-61736?

This vulnerability allows for the disruption of communication in Johnson Controls products when the device's security certificate expires. The failure to re-establish communication post-expiration can lead to significant operational issues, impacting the overall performance and reliability of the affected devices. Immediate attention to certificate management and renewal processes is crucial in mitigating this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iSTAReX, iSTAR Edge, iSTAR Ultra LT, iSTAR Ultra , iSTAR Ultra SE iSTAR All versions prior to TLS 1.2

References

https://www.johnsoncontrols.com/trust-center/cybersecurit...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-3...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 17, 2025
Vulnerability Reserved
Sep 30, 2025

JSON

Johnson Controls

What is CVE-2025-61736?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.