CVE-2025-53696

iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/refs/heads/main/2025-03.txt

Configurations

No configuration.

History

No history.

Information

Published : 2025-07-28 15:15

Updated : 2025-07-29 14:14

NVD link : CVE-2025-53696

Mitre link : CVE-2025-53696

CVE.ORG link : CVE-2025-53696

JSON object : View

Products Affected

No product.

CWE

CWE-494

Download of Code Without Integrity Check

{"id": "CVE-2025-53696", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-28T15:15:26.670", "references": [{"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/refs/heads/main/2025-03.txt", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-494"}]}], "descriptions": [{"lang": "en", "value": "iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected."}, {"lang": "es", "value": "iSTAR Ultra realiza una verificaci\u00f3n de firmware al arrancar; sin embargo, esta verificaci\u00f3n no inspecciona ciertas partes del firmware. Estas partes podr\u00edan contener c\u00f3digo malicioso. Se prob\u00f3 hasta la versi\u00f3n 6.9.2; las versiones posteriores tambi\u00e9n podr\u00edan verse afectadas."}], "lastModified": "2025-07-29T14:14:29.590", "sourceIdentifier": "[email protected]"}

CVE-2025-53696

JSON object

Attach tags to CVE-2025-53696

Attach tags to `CVE-2025-53696`