CVE-2025-2629

HIGH

7.3

Description

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Details CVE

Score CVSS v3.17.3

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurREQUIRED

Publie4/9/2025

Derniere modification8/18/2025

Sourcenvd

Observations honeypot0

Produits affectes

ni:labview

Faiblesses (CWE)

CWE-427

References

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/dll-hijacking-vulnerability-in-ni-labview-when-loading-ni-error-reporting.html(security@ni.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.