Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-3940

Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Published

2025-05-22T13:15:56.870

Last Modified

2025-06-04T19:28:55.960

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-1173
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tridium	niagara	4.10u10	Yes
Application	tridium	niagara	4.14u1	Yes
Application	tridium	niagara	4.15	Yes
Application	tridium	niagara_enterprise_security	4.10u10	Yes
Application	tridium	niagara_enterprise_security	4.14u1	Yes
Application	tridium	niagara_enterprise_security	4.15	Yes
Operating System	blackberry	qnx	-	No
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No

References

https://docs.niagara-community.com/category/tech_bull Permissions Required ([email protected])
https://honeywell.com/us/en/product-security#security-notices Vendor Advisory ([email protected])