There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
References
Configurations
Configuration 1 (hide)
|
History
18 Aug 2025, 19:47
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:* cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:* cpe:2.3:a:ni:labview:2022:q3_patch4:*:*:*:*:*:* cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:* cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:* cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:* cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:* cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:* cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:* cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:* cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:* cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:* cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:* cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:* cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:* cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:* cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:* cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:* cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:* cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:* |
|
| First Time |
Ni
Ni labview |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| References | () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/dll-hijacking-vulnerability-in-ni-labview-when-loading-ni-error-reporting.html - Vendor Advisory |
09 Apr 2025, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-04-09 19:15
Updated : 2025-08-18 19:47
NVD link : CVE-2025-2629
Mitre link : CVE-2025-2629
JSON object : View
Products Affected
ni
- labview
CWE
No CWE.