U
se of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
| Link | Resource |
|---|---|
| https://docs.niagara-community.com/category/tech_bull | Permissions Required |
| https://honeywell.com/us/en/product-security#security-notices | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
04 Jun 2025, 19:27
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Blackberry qnx
Blackberry Tridium niagara Enterprise Security Tridium niagara Microsoft windows Linux linux Kernel Microsoft Linux Tridium |
|
| CWE | NVD-CWE-Other | |
| CPE | cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:* cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
| References | () https://docs.niagara-community.com/category/tech_bull - Permissions Required | |
| References | () https://honeywell.com/us/en/product-security#security-notices - Vendor Advisory |
23 May 2025, 15:55
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-05-22 13:15
Updated : 2025-06-04 19:27
NVD link : CVE-2025-3943
Mitre link : CVE-2025-3943
CVE.ORG link : CVE-2025-3943
JSON object : View
Products Affected
CWE