CVE-2025-61739 HIGH

CVE-2025-61739: Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG reusing a nonce, key pair in encryption

Vendor Johnson Controls
Product IQ Panels2, 2+, IQHub, IQPanel 4, PowerG
Weakness CWE-323
Published December 22, 2025
Last update December 22, 2025

CVSS base score

7.2/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N

What the vulnerability does

01 Description

Due to nonce reuse, attackers can perform replay attacks or decrypt captured packets.

Key dates

02 Disclosure timeline

December 22, 2025 CVE published
December 22, 2025 Record updated