CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-3942: Improper Output Neutralization for Logs

4.3 CVSS

Description

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Classification

CVE ID: CVE-2025-3942

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem Types

CWE-117 Improper Output Neutralization for Logs

Affected Products

Vendor: Tridium

Product: Niagara Framework, Niagara Enterprise Security

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 8.25% (scored less or equal to compared to others)

EPSS Date: 2025-06-20 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3942
https://www.tridium.com/us/en/product-security
https://www.honeywell.com/us/en/product-security#security-notices

Timeline

2025-05-22 13:40:21 UTC
CVE

Improper Output Neutralization for Logs