CVE-2025-57778 | THREATINT

Description

There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid source address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted DSB file. The vulnerability affects all versions of DASYLab.

PUBLISHED Reserved 2025-08-19 | Published 2025-09-02 | Updated 2025-09-02 | Assigner NI

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input

Product status

Default status

unaffected

Any version

affected

Credits

kimiya working with Trend Micro Zero Day Initiative finder

References

www.ni.com/...ption-vulnerabilities-in-digilent-dasylab.html

cve.org (CVE-2025-57778)

nvd.nist.gov (CVE-2025-57778)

Download JSON