CVE-2025-3944

Description

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

PUBLISHED Reserved 2025-04-25 | Published 2025-05-22 | Updated 2025-05-22 | Assigner Honeywell

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Credits

Andrea Palanca and team at Nozomi Network reporter

References

www.honeywell.com/us/en/product-security vendor-advisory

docs.niagara-community.com/category/tech_bull vendor-advisory

cve.org (CVE-2025-3944)

nvd.nist.gov (CVE-2025-3944)

Download JSON