openblue

OpenBlue is a Johnson Controls platform for building management and workplace optimization. Recent discussions on WindowsForum.com focus on a security vulnerability in the OpenBlue Mobile Web Application, tracked as CVE-2025-26381. This forced browsing flaw could allow unauthorized access to sensitive information. The vendor has released patch 2025.1.3 to address the issue, with interim guidance to disable the mobile app in IIS. U.S. federal coordination via CISA has issued related advisories. Users and IT administrators managing OpenBlue deployments should prioritize applying the patch to mitigate risks.