PT-2025-22465 · Linux +3 · Linux +4

Published

2025-05-22

·

Updated

2025-06-04

·

CVE-2025-3938

Report an issue
CVSS v3.1
9.8
VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

Tridium Niagara Framework versions prior to 4.14.2, prior to 4.15.1, prior to 4.10.11

Tridium Niagara Enterprise Security versions prior to 4.14.2, prior to 4.15.1, prior to 4.10.11

Description:

The issue affects Tridium Niagara Framework and Tridium Niagara Enterprise Security on various operating systems, including Windows, Linux, and QNX. It allows for Cryptanalysis due to a missing cryptographic step.

Recommendations:

For Tridium Niagara Framework versions prior to 4.14.2, upgrade to version 4.14.2u2.

For Tridium Niagara Framework versions prior to 4.15.1, upgrade to version 4.15.u1.

For Tridium Niagara Framework versions prior to 4.10.11, upgrade to version 4.10u.11.

For Tridium Niagara Enterprise Security versions prior to 4.14.2, upgrade to version 4.14.2u2.

For Tridium Niagara Enterprise Security versions prior to 4.15.1, upgrade to version 4.15.u1.

For Tridium Niagara Enterprise Security versions prior to 4.10.11, upgrade to version 4.10u.11.

Fix

Use of a Broken Cryptographic Algorithm

Weakness Enumeration

CWE-325CWE-327

Related Identifiers

CVE-2025-3938

Affected Products

Linux
Qnx
Tridium Niagara Enterprise Security
Tridium Niagara Ax Framework
Windows