CVE-2025-6034

Out of Bounds Read in DefaultFontOptions() in NI Circuit Design Suite

CVSS 8.5 HIGHEPSS 0.2%CWE-125

There is a memory corruption vulnerability due to an out of bounds read in DefaultFontOptions() when using SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.1 and prior versions.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

NI · Circuit Design Suite

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/improper-input-validation-causes-memory-corruption-vulnerabilities-in-circuit-design-suite.html