CVE-2025-3945
published 2025-05-22CVE-2025-3945: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara…
PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.59%
43.9th percentile
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tridium | niagara | — | — |
| tridium | niagara | — | — |
| tridium | niagara | — | — |
| tridium | niagara_enterprise_security | < 4.14.2 | 4.14.2 |
| tridium | niagara_enterprise_security | < 4.15.1 | 4.15.1 |
| tridium | niagara_enterprise_security | < 4.10.11 | 4.10.11 |
| tridium | niagara_enterprise_security | — | — |
| tridium | niagara_enterprise_security | — | — |
| tridium | niagara_enterprise_security | — | — |
| tridium | niagara_framework | < 4.14.2 | 4.14.2 |
| tridium | niagara_framework | < 4.15.1 | 4.15.1 |
| tridium | niagara_framework | < 4.10.11 | 4.10.11 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2025-3945 is an Argument Injection (CWE-88) vulnerability in Tridium Niagara Framework and Enterprise Security on QNX; monitor for command delimiter abuse in Niagara process invocations on QNX-based deployments ↗
- →CVE-2025-3945 is part of a chain triggered by CVE-2025-43867 (CVEs CVE-2025-3936 through CVE-2025-3945); detection of CVE-2025-43867 exploitation (network-accessible, low complexity, authenticated) should be treated as a precursor to CVE-2025-3945 exploitation ↗
- →Exploitation is remotely possible with low attack complexity; alert on unexpected inbound network connections to Niagara/FX devices not isolated behind firewalls or VPNs ↗
- →Successful exploitation targets device configuration files; monitor for unexpected reads, modifications, or exfiltration of configuration files on affected Niagara/FX devices ↗
- ·Affected versions span three Niagara release trains; ensure all three are checked during asset inventory — before 4.10.11, before 4.14.2, and before 4.15.1 ↗
- ·The vulnerability is specific to QNX-based deployments of Niagara; non-QNX deployments are not listed as affected ↗
- ·No known public exploitation has been reported at time of advisory publication; threat posture may change ↗
- ·Access to the vendor patch portal requires login credentials; coordinate with asset owners to obtain and apply patches 14.10.11 or 14.14.2 ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Johnson Controls FX Server, FX80 and FX90 (Update A)
cisa_ics·2025-12-04
Johnson Controls FX Server, FX80 and FX90 (Update A)
ICS Advisory
##
Johnson Controls FX Server, FX80 and FX90 (Update A)
Last RevisedDecember 04, 2025
Alert CodeICSA-25-219-02
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.4
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Johnson Controls Inc.
- Equipment: FX Server, FX80 and FX90
- Vulnerability: Dependency on Vulnerable Third-Party Component
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to compromise the device's configuration files.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Johnson Controls products are affected:
- FX80: FX 14.10.10 and prior
- FX80: FX 14.14.1 and prior
- FX90:
GHSA
GHSA-g8jq-rx5f-94q7: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara
ghsa_unreviewed·2025-05-22
CVE-2025-3945 [HIGH] CWE-88 GHSA-g8jq-rx5f-94q7: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-05-22
Published