CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-30417: Out of Bounds Write in Library!DecodeBase64() in NI Circuit Design Suite

7.8 CVSS

Description

There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.

Classification

CVE ID: CVE-2025-30417

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem Types

CWE-787 Out-of-bounds Write

Affected Products

Vendor: NI

Product: Circuit Design Suite

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.72% (scored less or equal to compared to others)

EPSS Date: 2025-06-13 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-30417
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-vulnerabilities-in-ni-circuit-design-suite.html

Timeline

2025-05-15 17:40:11 UTC
CVE

Out of Bounds Write in Library!DecodeBase64() in NI Circuit Design Suite
2025-05-20 16:15:22 UTC
All CISA Advisories

National Instruments Circuit Design Suite