CVE-2025-53696

iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/refs/heads/main/2025-03.txt

Configurations

No configuration.

History

29 Jul 2025, 14:14

Type	Values Removed	Values Added
Summary		(es) iSTAR Ultra realiza una verificación de firmware al arrancar; sin embargo, esta verificación no inspecciona ciertas partes del firmware. Estas partes podrían contener código malicioso. Se probó hasta la versión 6.9.2; las versiones posteriores también podrían verse afectadas.

28 Jul 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-28 15:15

Updated : 2025-07-29 14:14

NVD link : CVE-2025-53696

Mitre link : CVE-2025-53696

CVE.ORG link : CVE-2025-53696

JSON object : View

Products Affected

No product.

CWE

CWE-494

Download of Code Without Integrity Check

{"id": "CVE-2025-53696", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "ot-cert@dragos.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-28T15:15:26.670", "references": [{"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/refs/heads/main/2025-03.txt", "source": "ot-cert@dragos.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "ot-cert@dragos.com", "description": [{"lang": "en", "value": "CWE-494"}]}], "descriptions": [{"lang": "en", "value": "iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected."}, {"lang": "es", "value": "iSTAR Ultra realiza una verificaci\u00f3n de firmware al arrancar; sin embargo, esta verificaci\u00f3n no inspecciona ciertas partes del firmware. Estas partes podr\u00edan contener c\u00f3digo malicioso. Se prob\u00f3 hasta la versi\u00f3n 6.9.2; las versiones posteriores tambi\u00e9n podr\u00edan verse afectadas."}], "lastModified": "2025-07-29T14:14:29.590", "sourceIdentifier": "ot-cert@dragos.com"}