CVE-2025-3942

Summary

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Affected Software

VendorProductVersion RangeStatus
TridiumNiagara Framework0 < 4.14.2affected
TridiumNiagara Framework0 < 4.15.1affected
TridiumNiagara Framework0 < 4.10.11affected
TridiumNiagara Enterprise Security0 < 4.14.2affected
TridiumNiagara Enterprise Security0 < 4.15.1affected
TridiumNiagara Enterprise Security0 < 4.10.11affected

Weaknesses

  • CWE-117: CWE-117 Improper Output Neutralization for Logs

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References