CVE-2025-3942

MEDIUM4.3

Improper Output Neutralization for Logs

Published May 22, 2025

Modified 9 months ago

Details

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

References

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-3942

ADVISORY

https://www.honeywell.com/us/en/product-security#security-notices

ADVISORY

https://www.tridium.com/us/en/product-security

CVSS Analysis

CVSS v3.1

4.3

Exploitability

Attack Vector