Home

Description

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device.

PUBLISHED Reserved 2025-04-17 | Published 2025-12-17 | Updated 2025-12-17 | Assigner jci




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unaffected

Any version
affected

Credits

Reid Wightman of Dragos reported these vulnerabilities to CISA. finder

References

www.johnsoncontrols.com/...cybersecurity/security-advisories

www.cisa.gov/news-events/ics-advisories/icsa-25-345-02

cve.org (CVE-2025-43873)

nvd.nist.gov (CVE-2025-43873)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.