CVE-2025-3937

Summary

Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Affected Software

VendorProductVersion RangeStatus
TridiumNiagara Framework0 < 4.14.2affected
TridiumNiagara Framework0 < 4.15.1affected
TridiumNiagara Framework0 < 4.10.11affected
TridiumNiagara Enterprise Security0 < 4.14.2affected
TridiumNiagara Enterprise Security0 < 4.15.1affected
TridiumNiagara Enterprise Security0 < 4.10.11affected

Weaknesses

  • CWE-916: CWE-916 Use of Password Hash With Insufficient Computational Effort

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References