Researchers have identified 13 critical vulnerabilities in Tridium's Niagara Framework, affecting versions 4.10u10 and earlier, as well as 4.14u1 and earlier, potentially allowing attackers to compromise building automation systems. These flaws, including CVE-2025-3937 with a CVSS score of 7.7, could lead to complete system compromise, especially when encryption is disabled. Tridium has released patches, urging organizations to update and implement network segmentation to mitigate risks in critical infrastructure environments.

‍