Primary

Context

NI Circuit Design Suite Memory Corruption Vulnerability Allowing Information Disclosure or Arbitrary Code Execution

Vulnerability

Patched

A memory corruption vulnerability has been identified in NI Circuit Design Suite versions through 14.3.0. This vulnerability arises from an out-of-bounds write in the 'Library!DecodeBase64()' function, used by the Symbol Editor. Exploitation of this vulnerability could lead to information disclosure or arbitrary code execution. To successfully exploit this issue, an attacker must convince a user to open a specially crafted .sym file.

Impact

Exploitation of this vulnerability could result in memory corruption, allowing for information disclosure or arbitrary code execution.

Remediation

Users are advised to upgrade to NI Circuit Design Suite 14.3.1 or later. The update can be obtained through the NI Package Manager or the NI Software Downloads page.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

10.0

exploitability

3.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

10.0

exploitability

3.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NI Circuit Design Suite Memory Corruption Vulnerability Allowing Information Disclosure or Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

NI Circuit Design Suite

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating