CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-3940: Improper Use of Validation Framework

5.3 CVSS

Description

Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Classification

CVE ID: CVE-2025-3940

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem Types

CWE-1173 Improper Use of Validation Framework

Affected Products

Vendor: Tridium

Product: Niagara Framework, Niagara Enterprise Security

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.11% (probability of being exploited)

EPSS Percentile: 29.99% (scored less or equal to compared to others)

EPSS Date: 2025-06-19 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3940
https://honeywell.com/us/en/product-security#security-notices
https://docs.niagara-community.com/category/tech_bull

Timeline

2025-05-22 13:40:21 UTC
CVE

Improper Use of Validation Framework