PT-2025-22468 · Tridium +1 · Tridium Niagara Enterprise Security +2

Published

2025-05-22

·

Updated

2025-06-04

·

CVE-2025-3941

CVSS v2.0
10
VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Tridium Niagara Framework versions prior to 4.14.2 Tridium Niagara Framework versions prior to 4.15.1 Tridium Niagara Framework versions prior to 4.10.11 Tridium Niagara Enterprise Security versions prior to 4.14.2 Tridium Niagara Enterprise Security versions prior to 4.15.1 Tridium Niagara Enterprise Security versions prior to 4.10.11
Description The issue affects Tridium Niagara Framework and Tridium Niagara Enterprise Security on Windows, allowing input data manipulation due to improper handling of Windows ::DATA Alternate Data Stream.
Recommendations For Tridium Niagara Framework versions prior to 4.14.2, upgrade to version 4.14.2u2. For Tridium Niagara Framework versions prior to 4.15.1, upgrade to version 4.15.u1. For Tridium Niagara Framework versions prior to 4.10.11, upgrade to version 4.10u.11. For Tridium Niagara Enterprise Security versions prior to 4.14.2, upgrade to version 4.14.2u2. For Tridium Niagara Enterprise Security versions prior to 4.15.1, upgrade to version 4.15.u1. For Tridium Niagara Enterprise Security versions prior to 4.10.11, upgrade to version 4.10u.11.

Fix

Weakness Enumeration

CWE-69CWE-706

Related Identifiers

BDU:2025-09283
CVE-2025-3941

Affected Products

Tridium Niagara Enterprise Security
Tridium Niagara Ax Framework
Windows