CVE-2025-3943
Last modified
CVE-2025-3943 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.. EPSS estimates a 7.06% chance of exploitation in the next 30 days.
Description
Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tridium | Niagara | 4.10u10 |
| Tridium | Niagara | 4.14u1 |
| Tridium | Niagara | 4.15 |
| Tridium | Niagara Enterprise Security | 4.10u10 |
| Tridium | Niagara Enterprise Security | 4.14u1 |
| Tridium | Niagara Enterprise Security | 4.15 |
References
- https://docs.niagara-community.com/category/tech_bullPermissions Required
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-3943?
How severe is CVE-2025-3943?
How do I fix CVE-2025-3943?
Are you affected by CVE-2025-3943?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST