Primary

Context

NI Vision Software Arbitrary Code Execution Vulnerability via Vulnerable Third-Party Library

Vulnerability

A vulnerability allowing arbitrary code execution has been identified in NI Vision software products that rely on a third-party library for image processing. This issue arises from the use of a vulnerable component, which has now been replaced. Successful exploitation requires a user to open a specially crafted file.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the user's system.

Remediation

Users are advised to upgrade to the latest versions of the affected software. If an upgrade is not possible, install Vision Common Resources 2025 Q1 or later from the NI Package Manager. Specific upgrade instructions are available for each affected product on the NI website.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NI Vision Software Arbitrary Code Execution Vulnerability via Vulnerable Third-Party Library

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating