CVE-2025-26383

MEDIUM

iSTAR Configuration Utility - Info Disclosure

Title source: llm

Description

The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on.

References (2)

[Various Sources] https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-146-01

Scores

CVSS v4 6.3

EPSS 0.0014

EPSS Percentile 33.3%

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-457

Status published

Products (1)

Johnson Controls/iSTAR Configuration Utility (ICU) < All

Published Jun 11, 2025

Tracked Since Feb 18, 2026