PT-2025-22468 · Tridium +1 · Tridium Niagara Ax Framework +2
Published
2025-05-22
·
Updated
2025-06-04
·
CVE-2025-3941
Published
2025-05-22
·
Updated
2025-06-04
·
CVE-2025-3941
9.8
Critical
| Base vector | Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Tridium Niagara Framework versions prior to 4.14.2
Tridium Niagara Framework versions prior to 4.15.1
Tridium Niagara Framework versions prior to 4.10.11
Tridium Niagara Enterprise Security versions prior to 4.14.2
Tridium Niagara Enterprise Security versions prior to 4.15.1
Tridium Niagara Enterprise Security versions prior to 4.10.11
Description:
The issue affects Tridium Niagara Framework and Tridium Niagara Enterprise Security on Windows, allowing input data manipulation due to improper handling of Windows ::DATA Alternate Data Stream.
Recommendations:
For Tridium Niagara Framework versions prior to 4.14.2, upgrade to version 4.14.2u2.
For Tridium Niagara Framework versions prior to 4.15.1, upgrade to version 4.15.u1.
For Tridium Niagara Framework versions prior to 4.10.11, upgrade to version 4.10u.11.
For Tridium Niagara Enterprise Security versions prior to 4.14.2, upgrade to version 4.14.2u2.
For Tridium Niagara Enterprise Security versions prior to 4.15.1, upgrade to version 4.15.u1.
For Tridium Niagara Enterprise Security versions prior to 4.10.11, upgrade to version 4.10u.11.
Fix