CVE-2025-3943

Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

CVSS v3 4.1 MEDIUM

4.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://docs.niagara-community.com/category/tech_bull
https://honeywell.com/us/en/product-security#security-notices

Configurations

No configuration.

History

23 May 2025, 15:55

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad en el uso del método de solicitud GET con cadenas de consulta sensibles en Tridium Niagara Framework para Windows, Linux y QNX, Tridium Niagara Enterprise Security para Windows, Linux y QNX permite la inyección de parámetros. Este problema afecta a Niagara Framework: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11; y Niagara Enterprise Security: versiones anteriores a la 4.14.2, 4.15.1 y 4.10.11. Tridium recomienda actualizar a las versiones 4.14.2u2, 4.15.u1 o 4.10u.11 de Niagara Framework y Enterprise Security.

22 May 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-22 13:15

Updated : 2025-05-23 15:55

NVD link : CVE-2025-3943

Mitre link : CVE-2025-3943

CVE.ORG link : CVE-2025-3943

JSON object : View

Products Affected

No product.

CWE

CWE-598

Use of GET Request Method With Sensitive Query Strings

4.1 /10