CVE-2025-2629

HIGH

7.3

Descripcion

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Detalles CVE

Puntuacion CVSS v3.17.3

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Vector de ataqueLOCAL

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioREQUIRED

Publicado4/9/2025

Ultima modificacion8/18/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

ni:labview

Debilidades (CWE)

CWE-427

Referencias

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/dll-hijacking-vulnerability-in-ni-labview-when-loading-ni-error-reporting.html(security@ni.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.