CVE-2025-2629
Last modified
CVE-2025-2629 is a high-severity vulnerability rated 7/10 on the CVSS scale. There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. EPSS estimates a 0.16% chance of exploitation in the next 30 days.
Description
There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Ni | Labview | <= 2021 | — |
| Ni | Labview | 2022 | Q1 |
| Ni | Labview | 2023 | Q1 |
| Ni | Labview | 2024 | Q1 |
| Ni | Labview | 2025 | Q1 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-2629?
How severe is CVE-2025-2629?
How do I fix CVE-2025-2629?
Are you affected by CVE-2025-2629?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST