CVE-2025-53696 | THREATINT

Description

iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected.

PUBLISHED Reserved 2025-07-08 | Published 2025-07-28 | Updated 2025-08-19 | Assigner Dragos

CRITICAL: 9.3CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-494 Download of Code Without Integrity Check

Product status

Default status

unknown

Any version

affected

References

raw.githubusercontent.com/...ure/refs/heads/main/2025-03.txt

cve.org (CVE-2025-53696)

nvd.nist.gov (CVE-2025-53696)

Download JSON