CVE-2025-61738 LOW

CVE-2025-61738: Johnson Controls PowerG and IQPanel cleartext transmission of sensitive information

Vendor Johnson Controls
Product IQPanel2, IQHub,IQPanel2+,IQPanel 4,PowerG
Weakness CWE-319 · Cleartext transmission
Published December 22, 2025
Last update December 22, 2025

CVSS base score

2.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Under certain circumstances, attacker can capture the network key, read or write encrypted packets on the PowerG network.

Key dates

02Disclosure timeline

December 22, 2025 CVE published
December 22, 2025 Record updated