7.1

CVE-2025-61736

iSTAR - Improper Validation of Certificate Expiration

Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Johnson Controls
Product: iSTAReX, iSTAR Edge, iSTAR Ultra LT, iSTAR Ultra, iSTAR Ultra SE
Default Status: affected
Version: iSTAR All versions prior to TLS 1.2
Status: affected
No warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.09% 0.006
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
productsecurity@jci.com 7.1 0 0
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-298 Improper Validation of Certificate Expiration

A certificate expiration is not validated or is incorrectly validated, so trust may be assigned to certificates that have been abandoned due to age.

https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-04