CVE-2025-2629Uncontrolled Search Path Element in Labview

CWE-427Uncontrolled Search Path Element2 documents2 sources
Severity
7.0HIGHNVD
EPSS
0.1%
top 81.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
NI Labview
Timeline
PublishedApr 9

Description

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5ni/labview23.1.0223.3.5+3
NVDni/labview2021+4

🔴Vulnerability Details

1
GHSA
GHSA-922p-pfv2-32j4: There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting2025-04-09
CVE-2025-2629 — Uncontrolled Search Path Element | cvebase