7.8

CVE-2025-2629

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting.  This vulnerability may result in arbitrary code execution.  Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path.  This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NiLabview Version <= 2021
NiLabview Version2022 Updateq1
NiLabview Version2022 Updateq3
NiLabview Version2022 Updateq3_patch1
NiLabview Version2022 Updateq3_patch2
NiLabview Version2022 Updateq3_patch4
NiLabview Version2023 Updateq1
NiLabview Version2023 Updateq3
NiLabview Version2023 Updateq3_patch1
NiLabview Version2023 Updateq3_patch2
NiLabview Version2023 Updateq3_patch3
NiLabview Version2023 Updateq3_patch4
NiLabview Version2023 Updateq3_patch5
NiLabview Version2024 Updateq1
NiLabview Version2024 Updateq1_patch1
NiLabview Version2024 Updateq3
NiLabview Version2024 Updateq3_patch1
NiLabview Version2024 Updateq3_patch2
NiLabview Version2025 Updateq1
NiLabview Version2025 Updateq1_patch1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.01% 0.017
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security@ni.com 7 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
security@ni.com 7.3 1.3 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.