CVE-2025-26385

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...

CVE-2025-26385

CVE-2025-26385 concerns Johnson Controls Metasys components vulnerable to an Improper Neutralization of Special Elements used in a Command (Command Injection) , with potential for remote SQL execution . Affected versions include Metasys ADS/ADX with SQL Express in 14.1 and earlier, LCS8500/NAE850...

CVE-2025-26385 Metasys product command injection vulnerability could allow remote SQL execution

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...

PT-2026-5389

Name of the Vulnerable Software and Affected Versions Johnson Controls Metasys versions 12.0 through 14.1 Johnson Controls Metasys Application and Data Server ADS versions 14.1 and prior Johnson Controls Metasys Extended Application and Data Server ADX version 14.1 Johnson Controls Metasys System...