CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-30419: Out of Bounds Read in GetSymbolBorderRectSize() in NI Circuit Design Suite

7.8 CVSS

Description

There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.

Classification

CVE ID: CVE-2025-30419

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem Types

CWE-125

Affected Products

Vendor: NI

Product: Circuit Design Suite

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.3% (scored less or equal to compared to others)

EPSS Date: 2025-06-13 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-30419
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-vulnerabilities-in-ni-circuit-design-suite.html

Timeline

2025-05-15 17:40:11 UTC
CVE

Out of Bounds Read in GetSymbolBorderRectSize() in NI Circuit Design Suite