CVE-2025-53696
Status: Awaiting Analysis

Publication date: 2025-07-28

Last updated on: 2025-07-29

Assigner: Dragos, Inc.

Description
iSTAR Ultra performs firmware verification on boot; however, the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2; later firmware versions are also possibly affected.
Meta Information
Published: 2025-07-28
Last Modified: 2025-07-29
Generated: 2026-05-07
AI Q&A: 2025-07-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-494: The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in iSTAR Ultra firmware verification during boot. Although the firmware is verified, certain portions of the firmware are not inspected. These unchecked parts may contain malicious code, allowing potentially harmful code to run on the device. The issue has been tested up to firmware version 6.9.2, and later versions may also be affected.


How can this vulnerability impact me?

The vulnerability can allow malicious code to be present and executed on the device because parts of the firmware are not verified. This can lead to unauthorized actions, compromise of device integrity, and potentially severe security breaches given the high CVSS score of 9.3, indicating critical impact.

