CVE-2025-30419

There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-vulnerabilities-in-ni-circuit-design-suite.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ni:circuit_design_suite:*:*:*:*:*:*:*:*

History

20 May 2025, 15:49

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ni:circuit_design_suite::::::::
References	~~() https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-vulnerabilities-in-ni-circuit-design-suite.html -~~	() https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-vulnerabilities-in-ni-circuit-design-suite.html - Vendor Advisory
First Time		Ni Ni circuit Design Suite

16 May 2025, 14:43

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de corrupción de memoria debido a una lectura fuera de los límites en GetSymbolBorderRectSize() al usar SymbolEditor en NI Circuit Design Suite. Esta vulnerabilidad puede provocar la divulgación de información o la ejecución de código arbitrario. Para explotarla con éxito, un atacante debe obligar al usuario a abrir un archivo .sym especialmente manipulado. Esta vulnerabilidad afecta a NI Circuit Design Suite 14.3.0 y versiones anteriores.

15 May 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-15 17:15

Updated : 2025-05-20 15:49

NVD link : CVE-2025-30419

Mitre link : CVE-2025-30419

CVE.ORG link : CVE-2025-30419

JSON object : View

Products Affected

ni

circuit_design_suite

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2025-30419", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@ni.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security@ni.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-15T17:15:53.840", "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-vulnerabilities-in-ni-circuit-design-suite.html", "tags": ["Vendor Advisory"], "source": "security@ni.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@ni.com", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite. \u00a0This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions."}, {"lang": "es", "value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria debido a una lectura fuera de los l\u00edmites en GetSymbolBorderRectSize() al usar SymbolEditor en NI Circuit Design Suite. Esta vulnerabilidad puede provocar la divulgaci\u00f3n de informaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario. Para explotarla con \u00e9xito, un atacante debe obligar al usuario a abrir un archivo .sym especialmente manipulado. Esta vulnerabilidad afecta a NI Circuit Design Suite 14.3.0 y versiones anteriores."}], "lastModified": "2025-05-20T15:49:39.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ni:circuit_design_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB025F12-FF09-43D3-8CE9-0F0300DFB092", "versionEndExcluding": "14.3.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@ni.com"}