Authentication Vulnerability in Johnson Controls Products
CVE-2025-61740

7.2HIGH

Key Information:

Vendor: Johnson Controls
Status: Iq Panels2, 2+, Iqhub, Iqpanel 4, Powerg
Vendor: CVE Published:; 22 December 2025

🔔 Create Johnson Controls Vulnerability Alert

What is CVE-2025-61740?

An authentication vulnerability exists in multiple Johnson Controls products, where the system fails to adequately verify the source of incoming packets. This oversight could potentially enable a malicious actor to disrupt service availability through a denial-of-service condition or gain unauthorized access to modify device configurations. Organizations utilizing affected Johnson Controls products are encouraged to assess their security protocols and apply recommended mitigations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

IQ Panels2, 2+, IQHub, IQPanel 4, PowerG IQ Panels2 <= 2

IQ Panels2, 2+, IQHub, IQPanel 4, PowerG IQ Panels2+ <= 2+

IQ Panels2, 2+, IQHub, IQPanel 4, PowerG IQHub

References

https://www.johnsoncontrols.com/trust-center/cybersecurit...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-3...

CVSS V4

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 22, 2025
Vulnerability Reserved
Sep 30, 2025

Credit

James Chambers of NCC group

Sultan Qasim Khan of NCC group

JSON

Johnson Controls