Description
There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
Scores
CVSS v3
7.3
EPSS
0.0006
EPSS Percentile
18.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-427
Status
published
Products (5)
ni/labview
2022 q1 (5 CPE variants)
ni/labview
2023 q1 (7 CPE variants)
ni/labview
2024 q1 (5 CPE variants)
ni/labview
2025 q1 (2 CPE variants)
ni/labview
< 2021
Published
Apr 09, 2025
Tracked Since
Feb 18, 2026