Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-3937

Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Published

2025-05-22T13:15:56.457

Last Modified

2025-06-04T19:52:59.573

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.7 (HIGH)

Weaknesses

Type: Secondary
CWE-916
Type: Primary
CWE-916

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tridium	niagara	4.10u10	Yes
Application	tridium	niagara	4.14u1	Yes
Application	tridium	niagara	4.15	Yes
Application	tridium	niagara_enterprise_security	4.10u10	Yes
Application	tridium	niagara_enterprise_security	4.14u1	Yes
Application	tridium	niagara_enterprise_security	4.15	Yes
Operating System	blackberry	qnx	-	No
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No

References

https://docs.niagara-community.com/category/tech_bull Permissions Required ([email protected])
https://www.honeywell.com/us/en/product-security#security-notices Vendor Advisory ([email protected])