CVE-2025-26383

The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on.

CVSS

No CVSS.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-146-01
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories

Configurations

No configuration.

History

12 Jun 2025, 16:06

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-11 16:15

Updated : 2025-06-12 16:06

NVD link : CVE-2025-26383

Mitre link : CVE-2025-26383

CVE.ORG link : CVE-2025-26383

JSON object : View

Products Affected

No product.

CWE

CWE-457

Use of Uninitialized Variable

{"id": "CVE-2025-26383", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "productsecurity@jci.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-11T16:15:23.547", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-146-01", "source": "productsecurity@jci.com"}, {"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories", "source": "productsecurity@jci.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "productsecurity@jci.com", "description": [{"lang": "en", "value": "CWE-457"}]}], "descriptions": [{"lang": "en", "value": "The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on."}, {"lang": "es", "value": "La herramienta iSTAR Configuration Utility (ICU) pierde memoria, lo que podr\u00eda provocar la exposici\u00f3n no intencionada de datos no autorizados de la PC con Windows en la que se ejecuta ICU."}], "lastModified": "2025-06-12T16:06:20.180", "sourceIdentifier": "productsecurity@jci.com"}

CVE-2025-26383

JSON object

Attach tags to CVE-2025-26383

Attach tags to `CVE-2025-26383`