CVE-2025-2449 — Path Traversal in Flexlogger

CWE-22 — Path Traversal2 documents2 sources

Severity

8.8HIGHNVD

EPSS

0.8%

top 25.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NI Flexlogger

Timeline

PublishedMar 18

Description

NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of NI FlexLogger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of URI files by the usiReg component. The issue results from the lack of proper validation of a user-supplied path …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ni/flexlogger2024 Q1

▶NVDni/flexlogger2024

🔴Vulnerability Details

GHSA

GHSA-78wq-w58w-pxgj: NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability↗2025-03-18

▶