CVE-2025-26383 | THREATINT

Description

The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on.

PUBLISHED Reserved 2025-02-07 | Published 2025-06-11 | Updated 2025-06-11 | Assigner jci

MEDIUM: 6.3CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-457: Use of Uninitialized Variable

Product status

Default status

affected

Any version

affected

References

www.johnsoncontrols.com/...cybersecurity/security-advisories

www.cisa.gov/news-events/ics-advisories/icsa-25-146-01

cve.org (CVE-2025-26383)

nvd.nist.gov (CVE-2025-26383)

Download JSON