CVE-2025-3942

Published May 22, 2025

Last updated a month ago

CVSS medium 4.3

Overview

Description: Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Source: psirt@honeywell.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH

Weaknesses

psirt@honeywell.com: CWE-117
nvd@nist.gov: CWE-116

Hype score: Not currently trending

CVE-2025-3942 Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX al… https://t.co/7kWDLPhxPW
@CVEnew
22 May 2025
241 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0615B9FA-E837-4C21-8968-F3273718DF7D"
          },
          {
            "criteria": "cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEE26A6F-876E-450D-8A5F-EF4A3EF96A13"
          },
          {
            "criteria": "cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00C6667A-9873-4A75-AB11-3427AA1E552D"
          },
          {
            "criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E694C4DB-66F7-4753-81D8-9085B5E3A207"
          },
          {
            "criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "506E75F5-D259-4BAC-9C1A-83C9AD54D608"
          },
          {
            "criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DF70636-5B89-4646-80F3-83C906B0EB3C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3642981A-848E-4DEA-A904-A83B9ED4891D"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References