CVE-2025-3940
Published 2025-05-22
CVE-2025-3940: Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux…
Priority: P357 · critical · 9.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.30% (21.6th percentile)
Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tridium | niagara | — | — |
| tridium | niagara | — | — |
| tridium | niagara | — | — |
| tridium | niagara_enterprise_security | < 4.14.2 | 4.14.2 |
| tridium | niagara_enterprise_security | < 4.15.1 | 4.15.1 |
| tridium | niagara_enterprise_security | < 4.10.11 | 4.10.11 |
| tridium | niagara_enterprise_security | — | — |
| tridium | niagara_enterprise_security | — | — |
| tridium | niagara_enterprise_security | — | — |
| tridium | niagara_framework | < 4.14.2 | 4.14.2 |
| tridium | niagara_framework | < 4.15.1 | 4.15.1 |
| tridium | niagara_framework | < 4.10.11 | 4.10.11 |
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_redhat · 5.5 · MEDIUM
GHSA
GHSA-5c2w-vf3p-r6vw: Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows
ghsa_unreviewed·2025-05-22
CVE-2025-3940 [MEDIUM] CWE-1173 GHSA-5c2w-vf3p-r6vw: Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows
Red Hat
kernel: Linux kernel: Denial of Service via NULL dereference in rtnl_create_link()
vendor_redhat·2025-07-10·CVSS 5.5
CVE-2025-38271 [MEDIUM] CWE-476 kernel: Linux kernel: Denial of Service via NULL dereference in rtnl_create_link()
In the Linux kernel, the following vulnerability has been resolved:
net: prevent a NULL deref in rtnl_create_link()
At the time rtnl_create_link() is running, dev->netdev_ops is NULL,
we must not use netdev_lock_ops() or risk a NULL deref if
CONFIG_NET_SHAPER is defined.
Use netif_set_group() instead of dev_set_group().
RIP: 0010:netdev_need_ops_lock include/net/netdev_lock.h:33 [inline]
RIP: 0010:netdev_lock_ops include/net/netdev_lock.h:41 [inline]
RIP: 0010:dev_set_group+0xc0/0x230 net/core/dev_api.c:82
Call Trace:
rtnl_create_link+0x748/0xd10 net/core/rtnetlink.c:3674
rtnl_newlink_create+0x25c/0xb00 net/core/rtnetlink.c:3813
__rtnl_newlink net/core/rtnetlink.c:3940 [inline]
rtnl_newlink+0x16d6/0x1c70 n
No detection rules found.
No public exploits indexed.
Published: 2025-05-22