CVE-2025-26385 (GCVE-0-2025-26385)
Vulnerability from cvelistv5 – Published: 2026-01-30 11:05 – Updated: 2026-01-30 12:38
Title
Metasys product command injection vulnerability could allow remote SQL execution
Summary
Johnson Controls Metasys components listed below have an Improper Neutralization of Special Elements used in a Command (Command Injection) vulnerability. Successful exploitation of this vulnerability could allow remote SQL execution. This issue affects:
* Metasys: Application and Data Server (ADS) installed with SQL Express deployed as part of the Metasys 14.1 and prior installation,
* Extended Application and Data Server (ADX) installed with SQL Express deployed as part of the Metasys 14.1 installation,
* LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 through 14.1,
* System Configuration Tool (SCT) installed with SQL Express deployed as part of the SCT installation 17.1 and prior,
* Controller Configuration Tool (CCT) installed with SQL Express deployed as part of the CCT installation 17.0 and prior.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
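Assigner
jci
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-04
- https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories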
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Johnson Controls | Metasys | Affected: Application and Data Server (ADS) installed with SQL Express deployed as part of the Metasys 14.1 and prior installation (custom)<br>Affected: Extended Application and Data Server (ADX) installed with SQL Express deployed as part of the Metasys 14.1 installation (custom)<br>Affected: LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 through 14.1 (custom)<br>Affected: System Configuration Tool (SCT) installed with SQL Express deployed as part of the SCT installation 17.1 and prior (custom)<br>Affected: Controller Configuration Tool (CCT) installed with SQL Express deployed as part of the CCT installation 17.0 and prior (custom) |
Date Public
2026-01-27 10:39
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-30T12:37:58.863009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T12:38:11.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Application and Data Server (ADS)",
"Extended Application and Data Server",
"LCS8500 or NAE8500 (ADX)",
"Controller Configuration Tool (CCT)",
"System Configuration Tool (SCT)"
],
"product": "Metasys",
"vendor": "Johnson Controls",
"versions": [
{
"status": "affected",
"version": "Application and Data Server (ADS) installed with SQL Express deployed as part of the Metasys 14.1 and prior installation",
"versionType": "custom"
},
{
"status": "affected",
"version": "Extended Application and Data Server (ADX) installed with SQL Express deployed as part of the Metasys 14.1 installation",
"versionType": "custom"
},
{
"status": "affected",
"version": "LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 through 14.1",
"versionType": "custom"
},
{
"status": "affected",
"version": "System Configuration Tool (SCT) installed with SQL Express deployed as part of the SCT installation 17.1 and prior",
"versionType": "custom"
},
{
"status": "affected",
"version": "Controller Configuration Tool (CCT) installed with SQL Express deployed as part of the CCT installation 17.0 and prior",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-01-27T10:39:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp;Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution \u003cp\u003eThis issue affects\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eMetasys: Application and Data Server (ADS) installed with SQL Express deployed as part of the Metasys 14.1 and prior installation,\u0026nbsp;\u003c/li\u003e\u003cli\u003eExtended Application and Data Server (ADX) installed with SQL Express deployed as part of the Metasys 14.1 installation,\u0026nbsp;\u003c/li\u003e\u003cli\u003eLCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 through 14.1,\u0026nbsp;\u003c/li\u003e\u003cli\u003eSystem Configuration Tool (SCT) installed with SQL Express deployed as part of the SCT installation 17.1 and prior,\u0026nbsp;\u003c/li\u003e\u003cli\u003eController Configuration Tool (CCT) installed with SQL Express deployed as part of the CCT installation 17.0 and prior.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects\u00a0\n\n\n\n * Metasys: Application and Data Server (ADS) installed with SQL Express deployed as part of the Metasys 14.1 and prior installation,\u00a0\n * Extended Application and Data Server (ADX) installed with SQL Express deployed as part of the Metasys 14.1 installation,\u00a0\n * LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 through 14.1,\u00a0\n * System Configuration Tool (SCT) installed with SQL Express deployed as part of the SCT installation 17.1 and prior,\u00a0\n * Controller Configuration Tool (CCT) installed with SQL Express deployed as part of the CCT installation 17.0 and prior."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T11:05:16.688Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-04"
},
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "a. Follow the Johnson Controls hardening guide steps to ensure your Metasys installation is on a segmented network, not exposed to untrusted networks such as the internet\u003cbr\u003eb. Download and execute the Metasys patch for GIV-165989 from the License Portal \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://software.jci.com/licenseportal/\"\u003ehttps://software.jci.com/licenseportal/\u003c/a\u003e. Login credentials are required\u003cbr\u003ec. Close incoming TCP port 1433\u003cbr\u003ed. For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2026-02 at the following location: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.johnsoncontrols.com/cyber-solutions/security-advisories\"\u003ehttps://www.johnsoncontrols.com/cyber-solutions/security-advisories\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "a. Follow the Johnson Controls hardening guide steps to ensure your Metasys installation is on a segmented network, not exposed to untrusted networks such as the internet\nb. Download and execute the Metasys patch for GIV-165989 from the License Portal https://software.jci.com/licenseportal/ . Login credentials are required\nc. Close incoming TCP port 1433\nd. For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2026-02 at the following location: https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Metasys product command injection vulnerability could allow remote SQL execution",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2025-26385",
"datePublished": "2026-01-30T11:05:16.688Z",
"dateReserved": "2025-02-07T14:15:53.880Z",
"dateUpdated": "2026-01-30T12:38:11.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-26385",
"date": "2026-06-30",
"epss": "0.0144",
"percentile": "0.69874"
},
"vulnrichment": {
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}