CVE-2025-2629

{"id": "CVE-2025-2629", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@ni.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security@ni.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.0, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-09T19:15:48.320", "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/dll-hijacking-vulnerability-in-ni-labview-when-loading-ni-error-reporting.html", "tags": ["Vendor Advisory"], "source": "security@ni.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@ni.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions."}, {"lang": "es", "value": "Existe una vulnerabilidad de secuestro de DLL debido a una ruta de b\u00fasqueda no controlada en NI LabVIEW al cargar NI Error Reporting. Esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Para explotarla correctamente, un atacante debe insertar una DLL maliciosa en la ruta de b\u00fasqueda no controlada. Esta vulnerabilidad afecta a NI LabVIEW 2025 Q1 y versiones anteriores."}], "lastModified": "2025-08-18T19:47:18.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "807AE6D5-8096-47A2-A47D-1A5EFC85652D", "versionEndIncluding": "2021"}, {"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F"}, {"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE"}, {"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52CC3023-4913-40BA-B74C-786F32DC7551"}, {"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC150E98-5889-4A65-84B8-E4871091D104"}, {"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85B3D429-4F3D-44CC-9304-837FB6D7E2A1"}, {"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68"}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E"}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F"}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285"}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30"}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91"}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "329575A0-F12E-478B-9A83-F747D6A161AA"}, {"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30"}, {"criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2"}, {"criteria": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D99DCCD-511E-482E-8307-24382D1B621B"}, {"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "600A4905-B888-454F-9DF6-1C09FB71DBE2"}, {"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD79D082-AFF5-42CB-9D6C-12CF9A59D205"}, {"criteria": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB0991CF-642F-46D2-9C47-9540347DC074"}, {"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D776E6DE-2635-4172-B08D-B7FB2D1048F9"}], "operator": "OR"}]}], "sourceIdentifier": "security@ni.com"}