CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-3943: Use of GET Request Method With sensitive Query Strings

4.1 CVSS

Description

Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Classification

CVE ID: CVE-2025-3943

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Problem Types

CWE-598 Use of GET Request Method With Sensitive Query Strings

Affected Products

Vendor: Tridium

Product: Niagara Framework, Niagara Enterprise Security

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.23% (scored less or equal to compared to others)

EPSS Date: 2025-06-19 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3943
https://honeywell.com/us/en/product-security#security-notices
https://docs.niagara-community.com/category/tech_bull

Timeline

2025-05-22 13:40:21 UTC
CVE

Use of GET Request Method With sensitive Query Strings