CVE-2025-2450

High CVSS: 8.8

NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the processing of VBAI files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22833.

Vendor

Product

Vision Builder Ai

CWE

CWE-356

Yayın Tarihi

2025-03-18 14:15:45

Güncelleme

2025-08-18 13:43:46

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-356 Vision Builder Ai HIGH Ni 2025

Referanslar

https://www.zerodayinitiative.com/advisories/ZDI-25-147/

Benzer Kayıtlar

High

CVE-2026-0954

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent D…

High

CVE-2026-0955

There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLa…

High

CVE-2026-0956

There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLa…

High

CVE-2026-0957

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYL…

High

CVE-2025-64468

There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnera…

High

CVE-2025-64469

There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corr…