CVE-2025-2630

Summary

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Affected Software

VendorProductVersion RangeStatus
NILabVIEW0 < 22.3.4affected
NILabVIEW23.1.0 < 23.3.5affected
NILabVIEW24.1.0 < 224.3.2affected
NILabVIEW25.1.0 < 25.1.1affected

Weaknesses

  • CWE-427: CWE-427 Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References