Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
References
Link | Resource |
---|---|
https://docs.niagara-community.com/category/tech_bull | Permissions Required |
https://honeywell.com/us/en/product-security#security-notices | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
04 Jun 2025, 19:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://docs.niagara-community.com/category/tech_bull - Permissions Required | |
References | () https://honeywell.com/us/en/product-security#security-notices - Vendor Advisory | |
First Time |
Tridium
Tridium niagara Blackberry Microsoft Linux Microsoft windows Linux linux Kernel Tridium niagara Enterprise Security Blackberry qnx |
|
CPE | cpe:2.3:a:tridium:niagara_enterprise_security:4.10u10:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara:4.14u1:*:*:*:*:*:*:* cpe:2.3:o:blackberry:qnx:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara:4.15:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara_enterprise_security:4.15:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara_enterprise_security:4.14u1:*:*:*:*:*:*:* cpe:2.3:a:tridium:niagara:4.10u10:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-Other |
23 May 2025, 15:55
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
22 May 2025, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-22 13:15
Updated : 2025-06-04 19:27
NVD link : CVE-2025-3943
Mitre link : CVE-2025-3943
CVE.ORG link : CVE-2025-3943
JSON object : View
Products Affected
linux
- linux_kernel
tridium
- niagara_enterprise_security
- niagara
blackberry
- qnx
microsoft
- windows
CWE