CVE-2025-3938
Last modified
CVE-2025-3938 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.. EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tridium | Niagara | 4.10u10 |
| Tridium | Niagara | 4.14u1 |
| Tridium | Niagara | 4.15 |
| Tridium | Niagara Enterprise Security | 4.10u10 |
| Tridium | Niagara Enterprise Security | 4.14u1 |
| Tridium | Niagara Enterprise Security | 4.15 |
References
- https://docs.niagara-community.com/category/tech_bullPermissions Required
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-3938?
How severe is CVE-2025-3938?
How do I fix CVE-2025-3938?
Are you affected by CVE-2025-3938?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST