Johnson Controls · Istar Configuration Utility · CVE-2025-26386
**Name of the Vulnerable Software and Affected Versions**
Johnson Controls iSTAR Configuration Utility (ICU) versions prior to 6.9.7
**Description**
The Johnson Controls iSTAR Configuration Utility (ICU) contains a stack-based buffer overflow issue. Exploitation of this issue may lead to operating system failure on systems hosting the ICU tool.
**Recommendations**
Update to a version of Johnson Controls iSTAR Configuration Utility (ICU) later than 6.9.7.