CVE-2025-3945 Information

Description

Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) vulnerability in Tridium Niagara Framework on QNX Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2 before 4.15.1 before 4.10.11; Niagara Enterprise Security: before 4.14.2 before 4.15.1 before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2 4.15.u1 or 4.10u.11.

Reference

https://docs.niagara-community.com/category/tech_bull https://honeywell.com/us/en/product-security#security-notices