CVE-2025-43876 | Johnson Controls iSTAR Edge G2 os command injection

December 24, 2025 Yanac

A vulnerability classified as critical has been found in Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE and iSTAR Edge G2. The impacted element is an unknown function. This manipulation causes os command injection.

This vulnerability appears as CVE-2025-43876. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More

CVE-2024-39037 | MyNET up to 26.08.316 intmenu sql injection
CVE-2025-67625 | tmtraderunner Trade Runner Plugin up to 3.14 on WordPress cross-site request forgery