Detections
Analytics

CVE-2025-3936

critical

Description

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

References

https://www.honeywell.com/us/en/product-security#security-notices

https://docs.niagara-community.com/category/tech_bull

https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-02

https://thehackernews.com/2025/07/critical-flaws-in-niagara-framework.html

Details

Source: Mitre, NVD

Published: 2025-05-22

Updated: 2025-06-04

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00011