{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-30417","assignerOrgId":"bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4","state":"PUBLISHED","assignerShortName":"NI","dateReserved":"2025-03-21T21:05:43.246Z","datePublished":"2025-05-15T16:18:53.901Z","dateUpdated":"2025-05-15T18:38:35.883Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Circuit Design Suite","vendor":"NI","versions":[{"lessThanOrEqual":"14.3.0","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Michael Heinzl working with CISA"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"There is a memory corruption vulnerability <span style=\"background-color: rgb(255, 255, 255);\">due to an out of bounds write in&nbsp;</span>Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite. &nbsp;<span style=\"background-color: rgb(255, 255, 255);\">This vulnerability may result in information disclosure or arbitrary code execution.  Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. <span style=\"background-color: rgb(255, 255, 255);\">This vulnerability&nbsp;</span>affects NI Circuit Design Suite 14.3.0 and prior versions.</span><br>"}],"value":"There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution.  Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions."}],"impacts":[{"capecId":"CAPEC-100","descriptions":[{"lang":"en","value":"CAPEC-100 Overflow Buffers"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":8.5,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"PASSIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-787","description":"CWE-787 Out-of-bounds Write","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4","shortName":"NI","dateUpdated":"2025-05-15T16:22:12.745Z"},"references":[{"url":"https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-vulnerabilities-in-ni-circuit-design-suite.html"}],"source":{"discovery":"UNKNOWN"},"title":"Out of Bounds Write in Library!DecodeBase64() in NI Circuit Design Suite","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-15T18:38:27.289658Z","id":"CVE-2025-30417","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-15T18:38:35.883Z"}}]}}