Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2

Source: All CISA Advisories | Added:

Johnson Controls has identified multiple vulnerabilities in their iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, and Edge G2 door controllers, including OS command injection and insecure storage of sensitive information. Successful exploitation of these vulnerabilities could allow attackers to modify firmware and gain unauthorized access to protected spaces.

Impact: iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2

In the Wild: Unknown

Age: Newly disclosed

Remediation: Firmware version 6.9.3 is available to fix CVE-2025-53695 and reduce risks for other vulnerabilities.

CVE Vulnerability Update

Read Full Original Article →