CVE-2025-26386

Vulnerability Description

Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the ICU tool.

Related Weaknesses (CWE)

CWE-121

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-04
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories

FAQ

What is CVE-2025-26386?

CVE-2025-26386 is a documented vulnerability. Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation ...

How severe is CVE-2025-26386?

CVSS scoring is not yet available for CVE-2025-26386. Check NVD for updates.

Is there a patch for CVE-2025-26386?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.