{"id":85870,"date":"2025-11-18T06:32:11","date_gmt":"2025-11-18T06:32:11","guid":{"rendered":""},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-30T06:00:00","slug":"cve-2025-3937-insufficient-password-hash-computational-effort-vulnerability-in-tridium-niagara-framework-and-enterprise-security","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-3937-insufficient-password-hash-computational-effort-vulnerability-in-tridium-niagara-framework-and-enterprise-security\/","title":{"rendered":"CVE-2025-3937: Insufficient Password Hash Computational Effort Vulnerability in Tridium Niagara Framework and Enterprise Security<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The vulnerability, identified as CVE-2025-3937, represents a significant risk in the cybersecurity landscape. It affects the Tridium Niagara Framework and Enterprise Security on Windows, Linux, QNX platforms. The vulnerability lies in the use of password hash with insufficient computational effort, which permits cryptanalysis, potentially leading to system compromise or data leakage.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-3937
\nSeverity: High (7.7 CVSS score)
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: None
\nImpact: System compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n