Vendor
ISTAR
Products
3
CVEs
3
Across products
3
Status
Private
Products
3- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-53695 | Cri | 0.61 | — | 0.01 | Jul 28, 2025 | OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware. | ||
| CVE-2025-53696 | Cri | 0.60 | — | 0.00 | Jul 28, 2025 | iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected. | ||
| CVE-2025-26383 | Med | 0.41 | — | 0.00 | Jun 11, 2025 | The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on. |
- risk 0.61cvss —epss 0.01
OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware.
- risk 0.60cvss —epss 0.00
iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected.
- risk 0.41cvss —epss 0.00
The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on.