Manuals+
Johnson Controls Facility Explorer Vulnerability Advisory - CVE-2025-43867

Product Security Advisory

August 11, 2025

JCI-PSA-2025-09
CVE-2025-43867
ICSA-25-219-02

Overview

Johnson Controls has confirmed a vulnerability, impacting Facility Explorer software for FX80 and FX90 products.

Impact

Under certain circumstances, a successful exploitation of this vulnerability could compromise the device's configuration files.

Affected Versions

  • FX80 running FX14.10.10 or FX 14.14.1
  • FX90 running FX14.10.10 or FX 14.14.1
  • Note: FX 14.10.10 aligns with Niagara 4.10u10
  • Note: FX 14.14.1 aligns with Niagara 4.14u1

Mitigation

Johnson Controls recommends users update to the latest version. Successful exploitation of CVE-2025-43867 could trigger CVEs CVE-2025-3936 through CVE-2025-3945.

  1. For systems running version 14.10.10, apply the 14.10.11 patch from the software portal.
  2. For systems running version 14.14.1, apply the 14.14.2 patch from the software portal.
  3. The software portal is located at the following link: https://www.solutionnavigator.com/sn/SN_ArticleList?category=Software_Downloads&categoryName=Software%20Downloads&GroupName=Facility_Explorer

Note: Login credentials are required.

Additional Information

In addition to the guidance provided in this advisory, the recommendation provided within the Johnson Controls Hardening Guide should always be applied to minimize security risk.

Visit the Johnson Controls Trust Center Cybersecurity website to access the latest Hardening Guidelines and best practice in cybersecurity: https://www.johnsoncontrols.com/trust-center/cybersecurity/resources

Dates

Initial Publication Date: August 11, 2025

Last Published Date: August 11, 2025

Resources

PDF preview unavailable. Download the PDF instead.

JCI-PSA-2025-09 Microsoft Word for Microsoft 365

Related Documents

Preview Johnson Controls Product Security Advisory: iSTAR Door Controllers Vulnerabilities
Security advisory from Johnson Controls detailing critical vulnerabilities (CVE-2025-53695 to CVE-2025-53700) affecting Software House iSTAR Ultra, SE, G2, and Edge G2 door controllers. Includes affected versions and mitigation steps.
Preview FX Supervisory Controller Upgrade and Migration Instructions Technical Bulletin
Comprehensive guide from Johnson Controls on upgrading FX Workbench and migrating FX Supervisory Controllers and FX Server to version 14.x, covering procedures, compatibility, licensing, and troubleshooting.
Preview SCT Installation and Upgrade Instructions
Comprehensive guide for installing and upgrading the System Configuration Tool (SCT) software on desktop or server-class computers. Covers prerequisites, operating system requirements, SQL Server setup, and detailed procedures for a smooth installation process.
Preview Johnson Controls North America Accounts Payable Helpdesk Contacts
Find essential contact information for Johnson Controls North America Accounts Payable Helpdesk, including phone numbers and email addresses for various business units, plants, and corporate entities. This guide helps direct inquiries regarding purchase orders, invoices, payments, and material discrepancies.
Preview IQ Panel 4 & IQ Hardwire PowerG: Small Business Security & Automation
Explore the IQ Panel 4 and IQ Hardwire PowerG, offering intuitive hybrid security and automation solutions for small businesses. Features include commercial integration, expandability, robust capabilities, and enhanced privacy.
Preview IQ Panel 4 & IQ Hardwire PowerG: Secure and Smart Solutions for Small Businesses
Discover the IQ Panel 4 and IQ Hardwire PowerG, intuitive all-in-one hybrid security and automation solutions designed for small businesses. Learn about their features, applications, and benefits for commercial integrations and simplified installation.
Preview FX MS/TP Communications Bus Technical Bulletin
A comprehensive technical bulletin from Johnson Controls detailing the specifications, rules, wiring, termination, and troubleshooting procedures for the BACnet MS/TP communications bus, essential for building automation system design and maintenance.
Preview Johnson Controls LP-3500 Lighting Control Panel User's Guide
Comprehensive guide for the Johnson Controls LP-3500 Lighting Control Panel, detailing hardware features, software configuration with LP-CT 4.0, and operational procedures for automated lighting systems.