Vulnerabilities in Johnson Controls, Inc

2 results

CVE-2025-53695CRITICALOS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' usEPSS 0.9%CVE-2025-53696CRITICALiSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmEPSS 0.1%