CVE-2025-3940

Published May 22, 2025

Last updated a month ago

CVSS medium 5.3

Overview

Description: Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Source: psirt@honeywell.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

psirt@honeywell.com: CWE-1173
nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

CVE-2025-3940 Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allow… https://t.co/oNC2lzHUB0
@CVEnew
22 May 2025
239 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0615B9FA-E837-4C21-8968-F3273718DF7D"
          },
          {
            "criteria": "cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEE26A6F-876E-450D-8A5F-EF4A3EF96A13"
          },
          {
            "criteria": "cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00C6667A-9873-4A75-AB11-3427AA1E552D"
          },
          {
            "criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E694C4DB-66F7-4753-81D8-9085B5E3A207"
          },
          {
            "criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "506E75F5-D259-4BAC-9C1A-83C9AD54D608"
          },
          {
            "criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DF70636-5B89-4646-80F3-83C906B0EB3C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3642981A-848E-4DEA-A904-A83B9ED4891D"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References