CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-3938: Missing Cryptographic Step

6.8 CVSS

Description

Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Classification

CVE ID: CVE-2025-3938

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Problem Types

CWE-325 Missing Cryptographic Step

Affected Products

Vendor: Tridium

Product: Niagara Framework, Niagara Enterprise Security

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.54% (scored less or equal to compared to others)

EPSS Date: 2025-06-19 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3938
https://www.honeywell.com/us/en/product-security#security-notices
https://docs.niagara-community.com/category/tech_bull

Timeline

2025-05-22 13:40:21 UTC
CVE

Missing Cryptographic Step