Istar Ultra G2 CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-43875	1 Johnsoncontrols	5 Istar Edge G2, Istar Ultra, Istar Ultra G2 and 2 more	2025-12-29	N/A
Under certain circumstances a successful exploitation could result in access to the device.
CVE-2025-43876	1 Johnsoncontrols	5 Istar Edge G2, Istar Ultra, Istar Ultra G2 and 2 more	2025-12-29	N/A
Under certain circumstances a successful exploitation could result in access to the device.
CVE-2025-43873	1 Johnsoncontrols	6 Edge G2, Istar Edge G2, Istar Ultra and 3 more	2025-12-18	N/A
Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device.
CVE-2023-3127	1 Johnsoncontrols	8 Edge G2, Edge G2 Firmware, Istar Ultra and 5 more	2024-11-21	7.5 High
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.

Page 1 of 1.