CVE-2025-26386

Stack-based Buffer Overflow in Johnson Controls iSTAR Configuration Utility (ICU) tool

Description

Johnson Controls iSTAR Configuration Utility (ICU) has Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility (ICU) version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the ICU tool.

INFO

Published Date :

2026-01-28T11:24:46.317Z

Last Modified :

2026-01-28T15:49:08.575Z

Source :

jci

AFFECTED PRODUCTS

The following products are affected by CVE-2025-26386 vulnerability.

Vendors	Products
Johnsoncontrols	Istar Configuration Utility

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-26386.

URL	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-04
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability