CVE-2025-12097
Relative Path Traversal Vulnerability in NI System Web Server
In short
A flaw in NI System Web Server allows attackers to read files they shouldn't access by using specially crafted web requests with path traversal tricks. This puts sensitive information at risk.
Technical detail
Relative path traversal vulnerability (CWE-23) in NI System Web Server enables unauthenticated attackers to escape directory restrictions and read arbitrary files via malformed requests. Exploitation requires crafting specific path sequences; impact is information disclosure of sensitive data accessible to the web server process.
Summary generated and translated by AI from the official description.
There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure. Successful exploitation requires an attacker to send a specially crafted request to the NI System Web Server, allowing the attacker to read arbitrary files. This vulnerability existed in the NI System Web Server 2012 and prior versions. It was fixed in 2013.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
NI · LabVIEWWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →