CVE-2024-12741 HIGH

CVE-2024-12741: Deserialization Of Untrusted Data Vulnerability In NI DAQExpress Project File

Vendor Ni
Product DAQExpress
Weakness CWE-502 · Unsafe deserialization
Published December 18, 2024
Last update March 6, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions.  Please note that DAQExpress is an EOL product and will not receive any updates.

Key dates

02Disclosure timeline

December 18, 2024 CVE published
March 6, 2025 Record updated