CVE-2025-3937— Use of Password Hash with Insufficient Computational Effort
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-3937
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use of Password Hash with Insufficient Computational Effort
Source: NVD (National Vulnerability Database)
Vulnerability Description
Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用具有不充分计算复杂性的口令哈希
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tridium Niagara Framework,Tridium Niagara Enterprise Security 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tridium Niagara Framework和Tridium Niagara Enterprise Security都是Tridium公司的产品。Tridium Niagara Framework是一个全面的软件基础设施,可解决创建设备到企业应用程序的挑战。Tridium Niagara Enterprise Security是一款基于 Niagara 软件平台构建的全功能访问控制和安全应用程序。 Tridium Niagara Framework,Tridium Niagara Enterpris
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Tridium | Niagara Framework | 0 ~ 4.14.2 | - | |
| Tridium | Niagara Enterprise Security | 0 ~ 4.14.2 | - |
II. Public POCs for CVE-2025-3937
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-3937
请登录查看更多情报信息。
Same Patch Batch · Tridium · 2025-05-22 · 10 CVEs total
| CVE-2025-3945 | 7.2 HIGH | Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) |
| CVE-2025-3944 | 7.2 HIGH | Incorrect Permission Assignment for Critical Resource |
| CVE-2025-3938 | 6.8 MEDIUM | Missing Cryptographic Step |
| CVE-2025-3936 | 6.5 MEDIUM | Incorrect Permission Assignment for Critical Resource |
| CVE-2025-3941 | 5.4 MEDIUM | Improper Handling of Windows: DATA Alternate Data Stream |
| CVE-2025-3940 | 5.3 MEDIUM | Improper Use of Validation Framework |
| CVE-2025-3939 | 5.3 MEDIUM | Observable Response Discrepancy |
| CVE-2025-3942 | 4.3 MEDIUM | Improper Output Neutralization for Logs |
| CVE-2025-3943 | 4.1 MEDIUM | Use of GET Request Method With sensitive Query Strings |
IV. Related Vulnerabilities
Same product: Niagara Framework
- CVE-2025-3945
Improper Neutralization of Argument Delimiters in a Command - CVE-2025-3944
Incorrect Permission Assignment for Critical Resource - CVE-2025-3943
Use of GET Request Method With sensitive Query Strings - CVE-2025-3942
Improper Output Neutralization for Logs - CVE-2025-3941
Improper Handling of Windows: DATA Alternate Data Stream
Same vendor: Tridium
- CVE-2025-3945
Improper Neutralization of Argument Delimiters in a Command - CVE-2025-3944
Incorrect Permission Assignment for Critical Resource - CVE-2025-3943
Use of GET Request Method With sensitive Query Strings - CVE-2025-3942
Improper Output Neutralization for Logs - CVE-2025-3941
Improper Handling of Windows: DATA Alternate Data Stream
V. Comments for CVE-2025-3937
No comments yet