Istar Ultra Lt CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-61736	1 Johnsoncontrols	5 Istar Edge, Istar Ultra, Istar Ultra Lt and 2 more	2025-12-17	N/A
Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires.
CVE-2023-3127	1 Johnsoncontrols	8 Edge G2, Edge G2 Firmware, Istar Ultra and 5 more	2024-11-21	7.5 High
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.

Page 1 of 1.