Home

Description

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

PUBLISHED Reserved 2025-03-21 | Published 2025-04-09 | Updated 2025-04-09 | Assigner NI




HIGH: 7.0CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

Default status
unaffected

Any version before 22.3.4
affected

23.1.0 (semver) before 23.3.5
affected

24.1.0 (semver) before 224.3.2
affected

25.1.0 (semver) before 25.1.1
affected

Credits

Mike Palafox from BLOOMY® finder

References

www.ni.com/...dll-hijacking-vulnerability-in-ni-labview.html

cve.org (CVE-2025-2630)

nvd.nist.gov (CVE-2025-2630)

Download JSON