Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-3942

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Published

2025-05-22T13:15:57.123

Last Modified

2025-06-04T19:27:59.903

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-117
Type: Primary
CWE-116

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tridium	niagara	4.10u10	Yes
Application	tridium	niagara	4.14u1	Yes
Application	tridium	niagara	4.15	Yes
Application	tridium	niagara_enterprise_security	4.10u10	Yes
Application	tridium	niagara_enterprise_security	4.14u1	Yes
Application	tridium	niagara_enterprise_security	4.15	Yes
Operating System	blackberry	qnx	-	No
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No

References

https://www.honeywell.com/us/en/product-security#security-notices Vendor Advisory ([email protected])
https://www.tridium.com/us/en/product-security Product ([email protected])