{"id":"CVE-2025-3945","details":"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.","modified":"2026-05-04T08:50:23.140994Z","published":"2025-05-22T13:15:57.517Z","withdrawn":"2026-05-04T08:50:23.140994Z","references":[{"type":"ADVISORY","url":"https://honeywell.com/us/en/product-security#security-notices"},{"type":"REPORT","url":"https://docs.niagara-community.com/category/tech_bull"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3945.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.10u10"}]},{"events":[{"introduced":"0"},{"last_affected":"4.14u1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.15"}]},{"events":[{"introduced":"0"},{"last_affected":"4.10u10"}]},{"events":[{"introduced":"0"},{"last_affected":"4.14u1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.15"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}