CVE-2025-3943

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-3943
Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

4.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://docs.niagara-community.com/category/tech_bull Permissions Required
https://honeywell.com/us/en/product-security#security-notices Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*
OR cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

04 Jun 2025, 19:27

Type Values Removed Values Added
First Time Tridium
Linux
Microsoft windows
Tridium niagara Enterprise Security
Linux linux Kernel
Microsoft
Tridium niagara
Blackberry qnx
Blackberry
References () https://docs.niagara-community.com/category/tech_bull - () https://docs.niagara-community.com/category/tech_bull - Permissions Required
References () https://honeywell.com/us/en/product-security#security-notices - () https://honeywell.com/us/en/product-security#security-notices - Vendor Advisory
CWE NVD-CWE-Other
CPE cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

23 May 2025, 15:55

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el uso del método de solicitud GET con cadenas de consulta sensibles en Tridium Niagara Framework para Windows, Linux y QNX, Tridium Niagara Enterprise Security para Windows, Linux y QNX permite la inyección de parámetros. Este problema afecta a Niagara Framework: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11; y Niagara Enterprise Security: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11. Tridium recomienda actualizar a las versiones 4.14.2u2, 4.15.u1 o 4.10u.11 de Niagara Framework y Enterprise Security.

22 May 2025, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-22 13:15

Updated : 2025-06-04 19:27

NVD link : CVE-2025-3943

Mitre link : CVE-2025-3943

CVE.ORG link : CVE-2025-3943

JSON object : View

Products Affected

tridium

  • niagara_enterprise_security
  • niagara

microsoft

  • windows

blackberry

  • qnx

linux

  • linux_kernel
CWE
CWE-598

Use of GET Request Method With Sensitive Query Strings

NVD-CWE-Other