CVE-2025-3941
published 2025-05-22CVE-2025-3941: Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows…
PriorityP357critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.47%
37.2th percentile
Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tridium | niagara | — | — |
| tridium | niagara | — | — |
| tridium | niagara | — | — |
| tridium | niagara_enterprise_security | < 4.14.2 | 4.14.2 |
| tridium | niagara_enterprise_security | < 4.15.1 | 4.15.1 |
| tridium | niagara_enterprise_security | < 4.10.11 | 4.10.11 |
| tridium | niagara_enterprise_security | — | — |
| tridium | niagara_enterprise_security | — | — |
| tridium | niagara_enterprise_security | — | — |
| tridium | niagara_framework | < 4.14.2 | 4.14.2 |
| tridium | niagara_framework | < 4.15.1 | 4.15.1 |
| tridium | niagara_framework | < 4.10.11 | 4.10.11 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-05-22
Published