Johnson Controls FX80 & FX90: Vulnerability Threat or Just a Patch Away?
View CSAF: Johnson Controls’ FX80 and FX90 devices have a critical vulnerability due to a third-party component flaw. With a CVSS v4 score of 8.4, attackers could remotely compromise configurations with low effort. Don’t panic—just update to the latest version. And remember, running unpatched software is like leaving your back door wide open.
Hot Take:
**_Oh, Johnson Controls, you’ve done it again! Just when we thought we could control everything from our smartphones, you managed to throw a wrench—or more accurately, a vulnerable component—into the works. It’s like giving a toddler a drum set and expecting a symphony. Bravo, folks!_**
Key Points:
– Johnson Controls’ FX80 and FX90 devices are susceptible to a vulnerability due to a third-party component.
– The vulnerability, tagged as CVE-2025-43867, could allow attackers to access device configuration files.
– The CVSS v4 score for this vulnerability is 8.4, which translates roughly to “yikes” on the worry-meter.
– Patch updates are available for affected systems, but you’ll need to remember your login credentials for the software portal.
– CISA recommends keeping systems behind firewalls and using secure VPNs for remote access—because who doesn’t love playing cybersecurity hide and seek?