CVE-2025-3943

Published May 22, 2025

Last updated a month ago

CVSS medium 4.1

Overview

Description: Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Source: psirt@honeywell.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

psirt@honeywell.com: CWE-598
nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

CVE-2025-3943 Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows… https://t.co/u9Lli0pa4B
@CVEnew
22 May 2025
221 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0615B9FA-E837-4C21-8968-F3273718DF7D"
          },
          {
            "criteria": "cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEE26A6F-876E-450D-8A5F-EF4A3EF96A13"
          },
          {
            "criteria": "cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00C6667A-9873-4A75-AB11-3427AA1E552D"
          },
          {
            "criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E694C4DB-66F7-4753-81D8-9085B5E3A207"
          },
          {
            "criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "506E75F5-D259-4BAC-9C1A-83C9AD54D608"
          },
          {
            "criteria": "cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DF70636-5B89-4646-80F3-83C906B0EB3C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3642981A-848E-4DEA-A904-A83B9ED4891D"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References