CVE-2025-53695
BaseFortify

Publication date: 2025-07-28

Last updated on: 2025-07-29

Assigner: Dragos, Inc.

Description
OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware.
Meta Information
Published: 2025-07-28
Last Modified: 2025-07-29
Generated: 2026-05-07
AI Q&A: 2025-07-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 4 associated CPEs (vendor, product, version/range):
johnson_controls, istar_ultra_g2, * (all versions)
johnson_controls, istar_ultra_se, * (all versions)
johnson_controls, istar_ultra, * (all versions)
johnson_controls, istar_pro, * (all versions)
CWE
CWE-78: The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-53695 is an OS Command Injection vulnerability in the iSTAR Ultra products' web application. It allows an authenticated attacker to execute arbitrary operating system commands with root-level privileges on the device firmware, potentially gaining full control over the device. [1]


How can this vulnerability impact me?

This vulnerability can lead to an attacker gaining root-level access to the device firmware, allowing them to execute arbitrary commands, modify device behavior, access sensitive data, and potentially compromise the entire system. It increases the risk of unauthorized control and manipulation of the affected devices. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of CVE-2025-53695 involves monitoring for unusual HTTP POST requests targeting the iSTAR Ultra web application, especially those containing suspicious parameters that could trigger OS command injection. Network intrusion detection systems (NIDS) can be configured to alert on anomalous POST requests to the device's web interface. Additionally, reviewing device logs for unexpected root-level command executions or system behavior anomalies may help identify exploitation attempts. Specific commands are not provided in the available resources. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting network access to the iSTAR Ultra devices' web interfaces to trusted administrators only, implementing strict access controls, and monitoring for suspicious activity. Since no vendor fixes are planned for this vulnerability and related issues, consider isolating affected devices from untrusted networks and disabling unnecessary services. Firmware upgrades beyond version 6.9.2 may not guarantee mitigation, so compensating controls such as network segmentation and enhanced monitoring are critical. [1]

