CVE-2025-3936: Incorrect Permission Assignment for Critical Resource
Description
Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Classification
CVE ID: CVE-2025-3936
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.5
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products
Vendor: Tridium
Product: Niagara Framework, Niagara Enterprise Security
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 6.56% (scored less or equal to compared to others)
EPSS Date: 2025-06-19 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-3936https://docs.niagara-community.com/category/tech_bull
https://www.honeywell.com/us/en/product-security#security-notices