CVE-2025-10203 HIGH

CVE-2025-10203: Relative Path Traversal Vulnerability in Digilent WaveForms

Vendor Digilent

Product WaveForms

Weakness CWE-23

Published September 15, 2025

Last update September 15, 2025

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DWF3WORK file. This vulnerability affects Digilent WaveForms 3.24.3 and prior versions.

Key dates

02Disclosure timeline

September 15, 2025 CVE published

September 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-10203

Related vulnerabilities

CVE-2025-10203: Relative Path Traversal Vulnerability in Digilent WaveForms

01Description

02Disclosure timeline

03References

04Related CVE