{"id":"CVE-2025-3938","details":"Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.","modified":"2026-05-04T08:50:23.041488Z","published":"2025-05-22T13:15:56.587Z","withdrawn":"2026-05-04T08:50:23.041488Z","references":[{"type":"ADVISORY","url":"https://www.honeywell.com/us/en/product-security#security-notices"},{"type":"REPORT","url":"https://docs.niagara-community.com/category/tech_bull"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3938.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.10u10"}]},{"events":[{"introduced":"0"},{"last_affected":"4.14u1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.15"}]},{"events":[{"introduced":"0"},{"last_affected":"4.10u10"}]},{"events":[{"introduced":"0"},{"last_affected":"4.14u1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.15"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}