Improper Handling of Windows ::DATA Alternate Data Stream

CVE-2025-3941

Medium

5.4/10

Summary

Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-69 - Improper Handling of Windows ::DATA Alternate Data Stream

The software does not properly prevent access to, or detect usage of, alternate data streams (ADS).

References

Advisory Timeline

Published May 22, 2025

Improper Handling of Windows ::DATA Alternate Data Stream

CVE-2025-3941

Summary

CWE-69 - Improper Handling of Windows ::DATA Alternate Data Stream

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS