CVE-2025-3937 - Vulnerability Details

Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Blackberry	Qnx
Linux	Linux Kernel
Microsoft	Windows
Tridium	Niagara Niagara Enterprise Security

Configuration 1 [-]

AND

OR	cpe:2.3:a:tridium:niagara:4.10u10:::::::*
	cpe:2.3:a:tridium:niagara:4.14u1:::::::*
	cpe:2.3:a:tridium:niagara:4.15:::::::*
	cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:::::::*
	cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:::::::*
	cpe:2.3:a:tridium:niagara_enterprise_security:4.15:::::::*

OR	cpe:2.3:o:blackberry:qnx:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

References

Link	Providers
https://docs.niagara-community.com/category/tech_bull
https://www.honeywell.com/us/en/product-security#security-notices

History

Wed, 04 Jun 2025 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Blackberry Blackberry qnx Linux Linux linux Kernel Microsoft Microsoft windows Tridium Tridium niagara Tridium niagara Enterprise Security
CPEs		cpe:2.3:a:tridium:niagara:4.10u10:::::::* cpe:2.3:a:tridium:niagara:4.14u1:::::::* cpe:2.3:a:tridium:niagara:4.15:::::::* cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:::::::* cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:::::::* cpe:2.3:a:tridium:niagara_enterprise_security:4.15:::::::* cpe:2.3:o:blackberry:qnx:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
Vendors & Products		Blackberry Blackberry qnx Linux Linux linux Kernel Microsoft Microsoft windows Tridium Tridium niagara Tridium niagara Enterprise Security

Thu, 22 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 22 May 2025 12:45:00 +0000

Type	Values Removed	Values Added
Description		Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Title		Use of Password Hash with Insufficient Computational Effort
Weaknesses		CWE-916
References		https://docs.niagara-community.com/category/tech_bull https://www.honeywell.com/us/en/product-security#security-notices
Metrics		cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: Honeywell

Published: 2025-05-22T12:23:42.058Z

Updated: 2025-05-22T14:43:13.538Z

Reserved: 2025-04-25T15:21:14.598Z

Link: CVE-2025-3937

Vulnrichment

Updated: 2025-05-22T14:39:46.222Z

NVD

Status : Analyzed

Published: 2025-05-22T13:15:56.457

Modified: 2025-06-04T19:52:59.573

Link: CVE-2025-3937

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object