CVE-2025-2629
7
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NI | LabVIEW | 0 < 22.3.4 | affected |
| NI | LabVIEW | 23.1.0 < 223.3.5 | affected |
| NI | LabVIEW | 24.1.0 < 24.3.2 | affected |
| NI | LabVIEW | 25.1.0 < 25.1.1 | affected |
Weaknesses
- CWE-427: CWE-427 Uncontrolled Search Path Element
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.