Nonce Reuse Vulnerability in Johnson Controls Products
CVE-2025-61739

7.2HIGH

Key Information:

Vendor: Johnson Controls
Status: Iq Panels2, 2+, Iqhub, Iqpanel 4, Powerg
Vendor: CVE Published:; 22 December 2025

🔔 Create Johnson Controls Vulnerability Alert

What is CVE-2025-61739?

A security flaw arises from the reuse of nonces in Johnson Controls Security Systems, which could allow attackers to execute reply attacks or decrypt previously captured packets. This vulnerability poses a significant risk to data integrity and confidentiality, potentially exposing sensitive information to unauthorized entities. Addressing this issue is crucial for maintaining robust cybersecurity defenses.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

IQ Panels2, 2+, IQHub, IQPanel 4, PowerG IQPanel2 <= 2

IQ Panels2, 2+, IQHub, IQPanel 4, PowerG IQ Panels 2+ <= 2+

IQ Panels2, 2+, IQHub, IQPanel 4, PowerG IQHub

References

https://www.johnsoncontrols.com/trust-center/cybersecurit...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-3...

CVSS V4

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 22, 2025
Vulnerability Reserved
Sep 30, 2025

Credit

James Chambers of NCC Group

Sultan Qasim Khan of NCC Group

JSON

Johnson Controls