{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-3940","assignerOrgId":"0dc86260-d7e3-4e81-ba06-3508e030ce8d","state":"PUBLISHED","assignerShortName":"Honeywell","dateReserved":"2025-04-25T15:21:17.262Z","datePublished":"2025-05-22T12:35:14.174Z","dateUpdated":"2025-05-22T14:00:58.907Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","platforms":["Windows","Linux","QNX"],"product":"Niagara Framework","vendor":"Tridium","versions":[{"lessThan":"4.14.2","status":"affected","version":"0","versionType":"custom"},{"lessThan":"4.15.1","status":"affected","version":"0","versionType":"custom"},{"lessThan":"4.10.11","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"affected","platforms":["Windows","Linux","QNX"],"product":"Niagara Enterprise Security","vendor":"Tridium","versions":[{"lessThan":"4.14.2","status":"affected","version":"0","versionType":"custom"},{"lessThan":"4.15.1","status":"affected","version":"0","versionType":"custom"},{"lessThan":"4.10.11","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"reporter","value":"Andrea Palanca and team at Nozomi Networks"}],"datePublic":"2025-05-08T16:59:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."}],"value":"Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11."}],"impacts":[{"capecId":"CAPEC-153","descriptions":[{"lang":"en","value":"CAPEC-153 Input Data Manipulation"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1173","description":"CWE-1173 Improper Use of Validation Framework","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"0dc86260-d7e3-4e81-ba06-3508e030ce8d","shortName":"Honeywell","dateUpdated":"2025-05-22T12:48:54.098Z"},"references":[{"tags":["vendor-advisory"],"url":"https://honeywell.com/us/en/product-security#security-notices"},{"tags":["vendor-advisory"],"url":"https://docs.niagara-community.com/category/tech_bull"}],"source":{"discovery":"UNKNOWN"},"title":"Improper Use of Validation Framework","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-22T13:56:59.299523Z","id":"CVE-2025-3940","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-22T14:00:58.907Z"}}]}}