CVE-2025-3943

CVSS v2.0

7.8

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Tridium Niagara Framework versions prior to 4.14.2, prior to 4.15.1, prior to 4.10.11 Tridium Niagara Enterprise Security versions prior to 4.14.2, prior to 4.15.1, prior to 4.10.11

Description The issue affects Tridium Niagara Framework and Tridium Niagara Enterprise Security, allowing Parameter Injection through the use of GET Request Method With Sensitive Query Strings.

Recommendations For Tridium Niagara Framework versions prior to 4.14.2, upgrade to version 4.14.2u2. For Tridium Niagara Framework versions prior to 4.15.1, upgrade to version 4.15.u1. For Tridium Niagara Framework versions prior to 4.10.11, upgrade to version 4.10u.11. For Tridium Niagara Enterprise Security versions prior to 4.14.2, upgrade to version 4.14.2u2. For Tridium Niagara Enterprise Security versions prior to 4.15.1, upgrade to version 4.15.u1. For Tridium Niagara Enterprise Security versions prior to 4.10.11, upgrade to version 4.10u.11.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-598

Related Identifiers

BDU:2025-09284

CVE-2025-3943

Affected Products

Tridium Niagara Enterprise Security

Tridium Niagara Ax Framework

CVE-2025-3943

Weakness Enumeration

Related Identifiers

Affected Products

References · 9