CVE-2025-3944

critical

Description

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

References

Advisories
References

https://www.honeywell.com/us/en/product-security#security-notices

https://docs.niagara-community.com/category/tech_bull

https://thehackernews.com/2025/07/critical-flaws-in-niagara-framework.html

https://www.databreachtoday.com/honeywell-smart-building-middleware-vulnerable-a-29041

Details

Source: Mitre, NVD

Published: 2025-05-22

Updated: 2025-06-04

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00036