CVE-2025-53696

9.3

Critical

Published:28 Jul 2025

Last updated:17 Jun 2026

Source:ot-cert@dragos.com

Deferred

Weakness (CWE)

CWE-494CWE-494

CVSS Vector

v4.0

Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: High
User Interaction: None
Confidentiality (Vulnerable): High
Integrity (Vulnerable): High
Availability (Vulnerable): High
Confidentiality (Subsequent): High
Integrity (Subsequent): High
Availability (Subsequent): High

View on MITRE Find PoC on GitHub

Description

iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected.

References

ot-cert@dragos.com

https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/refs/heads/main/2025-03.txt