Unrated severityNVD Advisory· Published May 22, 2025· Updated May 22, 2025

Incorrect Permission Assignment for Critical Resource

CVE-2025-3936

Description

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Affected products

Tridium/Niagara Frameworkllm-fuzzy
Range: <4.14.2, <4.15.1, <4.10.11
Tridium/Niagara Enterprise Securityllm-fuzzy
Range: <4.14.2, <4.15.1, <4.10.11
Tridium/Niagara Enterprise Securityv5
Range: 0
Tridium/Niagara Frameworkv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.niagara-community.com/category/tech_bullmitrevendor-advisory
www.honeywell.com/us/en/product-securitymitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000