CVE-2025-61736 is a vulnerability classified under CWE-298, indicating improper validation of certificate expiration in Johnson Controls' iSTAR product family, including iSTAReX, iSTAR Edge, iSTAR Ultra LT, iSTAR Ultra, and iSTAR Ultra SE. The flaw arises because these products, in versions prior to supporting TLS 1.2, do not correctly handle the expiration of TLS certificates used for secure communication. When the certificate expires, the device fails to re-establish communication, effectively causing a denial of service in the communication channel. This can disrupt the operation of physical security systems that rely on these devices for access control and monitoring. The CVSS 4.0 score of 7.1 (high severity) reflects that the vulnerability is remotely exploitable over a network (attack vector: adjacent network), requires no privileges, no user interaction, and no authentication, but has a high impact on availability. The vulnerability does not compromise confidentiality or integrity directly but impacts system availability by halting communication. No patches or exploits are currently publicly available, but the risk remains significant due to the critical nature of these systems. The issue stems from inadequate certificate lifecycle management and validation logic within the affected firmware versions. Proper mitigation requires upgrading to versions supporting TLS 1.2 or later, which presumably include fixes for certificate validation. Until then, organizations must monitor certificate expiration dates closely and consider compensating controls such as redundant communication paths or manual intervention protocols to restore communication post-expiration.

For European organizations, the impact of CVE-2025-61736 is primarily operational, affecting the availability of physical security systems that utilize Johnson Controls iSTAR products. Disruption in communication can lead to failure in access control, alarm monitoring, and other security functions, potentially exposing facilities to unauthorized access or delayed incident response. Critical infrastructure sectors such as transportation hubs, government buildings, healthcare facilities, and industrial plants that rely on these devices could face increased security risks and operational downtime. The inability to re-establish communication after certificate expiration may also complicate incident management and recovery efforts. Moreover, organizations may face compliance challenges with security regulations requiring continuous monitoring and control of physical access. Given the vulnerability does not allow for data exfiltration or privilege escalation, the confidentiality and integrity impacts are limited, but the availability impact is significant. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits targeting this flaw. European entities with large-scale deployments of Johnson Controls security systems should consider this vulnerability a high priority for remediation to avoid service interruptions.

1. Upgrade affected Johnson Controls iSTAR devices to firmware versions that support TLS 1.2 or later, as these versions are expected to include proper certificate expiration validation. 2. Implement a certificate lifecycle management process that tracks certificate expiration dates well in advance to allow timely renewal or replacement. 3. Where immediate upgrades are not feasible, establish manual monitoring and intervention procedures to restore communication if devices fail post-certificate expiration. 4. Deploy redundant communication channels or failover mechanisms to maintain security system availability during outages caused by this vulnerability. 5. Conduct regular security audits and penetration tests focusing on physical security infrastructure to detect potential disruptions. 6. Coordinate with Johnson Controls support for any interim patches or workarounds that may be available. 7. Integrate alerting systems to notify administrators of impending certificate expirations and communication failures. 8. Review and update incident response plans to include scenarios involving physical security system communication failures. 9. Limit network access to these devices to trusted segments to reduce exposure to potential exploitation attempts. 10. Document and train relevant personnel on the vulnerability and mitigation steps to ensure preparedness.