Details of VAR-202505-3074

ID

VAR-202505-3074

CVE

CVE-2025-3943

TITLE

Tridium of Niagara and Niagara Enterprise Security Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-006277

DESCRIPTION

Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11

Trust: 1.62

sources: NVD: CVE-2025-3943 // JVNDB: JVNDB-2025-006277

AFFECTED PRODUCTS

vendor:	tridium	model:	niagara	scope:	eq	version:	4.10u10	Trust: 1.0
vendor:	tridium	model:	niagara	scope:	eq	version:	4.15	Trust: 1.0
vendor:	tridium	model:	niagara enterprise security	scope:	eq	version:	4.10u10	Trust: 1.0
vendor:	tridium	model:	niagara	scope:	eq	version:	4.14u1	Trust: 1.0
vendor:	tridium	model:	niagara enterprise security	scope:	eq	version:	4.15	Trust: 1.0
vendor:	tridium	model:	niagara enterprise security	scope:	eq	version:	4.14u1	Trust: 1.0
vendor:	tridium	model:	niagara enterprise security	scope:	-	version:	-	Trust: 0.8
vendor:	tridium	model:	niagara	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-006277 // NVD: CVE-2025-3943

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@honeywell.com:	CVE-2025-3943
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2025-3943
value:	HIGH
Trust: 1.0
NVD:	CVE-2025-3943
value:	HIGH
Trust: 0.8

psirt@honeywell.com:	CVE-2025-3943
baseSeverity:	MEDIUM
baseScore:	4.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	1.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-3943
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2025-3943
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-006277 // NVD: CVE-2025-3943 // NVD: CVE-2025-3943

PROBLEMTYPE DATA

problemtype:	CWE-598	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	GET Information leakage from query string in request (CWE-598) [ others ]	Trust: 0.8
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-006277 // NVD: CVE-2025-3943

EXTERNAL IDS

db:	NVD	id:	CVE-2025-3943	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-006277	Trust: 0.8

sources: JVNDB: JVNDB-2025-006277 // NVD: CVE-2025-3943

REFERENCES

url:	https://honeywell.com/us/en/product-security#security-notices	Trust: 1.8
url:	https://docs.niagara-community.com/category/tech_bull	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-3943	Trust: 0.8

sources: JVNDB: JVNDB-2025-006277 // NVD: CVE-2025-3943

SOURCES

db:	JVNDB	id:	JVNDB-2025-006277
db:	NVD	id:	CVE-2025-3943

LAST UPDATE DATE

2025-06-06T23:25:55.192000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-006277	date:	2025-06-05T04:10:00
db:	NVD	id:	CVE-2025-3943	date:	2025-06-04T19:27:46.100

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-006277	date:	2025-06-05T00:00:00
db:	NVD	id:	CVE-2025-3943	date:	2025-05-22T13:15:57.257