7.5

CVE-2025-3943

Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TridiumNiagara Version4.10u10
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
TridiumNiagara Version4.14u1
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
TridiumNiagara Version4.15
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
TridiumNiagara Enterprise Security Version4.10u10
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
TridiumNiagara Enterprise Security Version4.14u1
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
TridiumNiagara Enterprise Security Version4.15
   BlackberryQnx Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.337
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@honeywell.com 4.1 2.3 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
CWE-598 Use of GET Request Method With Sensitive Query Strings

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.