Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Blackberry
  • Qnx
Linux
  • Linux Kernel
Microsoft
  • Windows
Tridium
  • Niagara
  • Niagara Enterprise Security

Configuration 1 [-]

AND
OR cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*
OR cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://docs.niagara-community.com/category/tech_bull cve-icon cve-icon
https://honeywell.com/us/en/product-security#security-notices cve-icon cve-icon
History

Wed, 04 Jun 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Blackberry
Blackberry qnx
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Tridium
Tridium niagara
Tridium niagara Enterprise Security
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:*
cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:*
cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Blackberry
Blackberry qnx
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Tridium
Tridium niagara
Tridium niagara Enterprise Security

Thu, 22 May 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 22 May 2025 13:00:00 +0000

Type Values Removed Values Added
Description Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Title Improper Use of Validation Framework
Weaknesses CWE-1173
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: Honeywell

Published: 2025-05-22T12:35:14.174Z

Updated: 2025-05-22T14:00:58.907Z

Reserved: 2025-04-25T15:21:17.262Z

Link: CVE-2025-3940

cve-icon Vulnrichment

Updated: 2025-05-22T14:00:46.814Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-22T13:15:56.870

Modified: 2025-06-04T19:28:55.960

Link: CVE-2025-3940

cve-icon Redhat

No data.