Unrated severityNVD Advisory· Published May 22, 2025· Updated May 22, 2025

Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’)

CVE-2025-3945

Description

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Affected products

Tridium/Niagara Frameworkllm-fuzzy
Range: <4.14.2, <4.15.1, <4.10.11
Tridium/Niagara Enterprise Securityllm-fuzzy
Range: <4.14.2, <4.15.1, <4.10.11
Tridium/Niagara Enterprise Securityv5
Range: 0
Tridium/Niagara Frameworkv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.niagara-community.com/category/tech_bullmitrevendor-advisory
honeywell.com/us/en/product-securitymitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000