CVE-2025-2630 HIGH

CVE-2025-2630: DLL Hijacking Vulnerability in NI LabVIEW

Vendor Ni
Product LabVIEW
Weakness CWE-427
Published April 9, 2025
Last update April 9, 2025

CVSS base score

7.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Key dates

02Disclosure timeline

April 9, 2025 CVE published
April 9, 2025 Record updated