CVE-2025-26381
CVE-2025-26381 affects Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace (versions 2025.1.2 and earlier). The vulnerability is described as a Direct Request (forced browsing) issue that could allow an attacker to access sensitive information without authentication. Publicly ...