Primary

Context

NI Circuit Design Suite Memory Corruption Vulnerability Allowing Information Disclosure or Arbitrary Code Execution

Vulnerability

Patched

A memory corruption vulnerability has been identified in NI Circuit Design Suite versions through 14.3.1. This vulnerability arises from an out-of-bounds read in the DefaultFontOptions() function within the Symbol Editor. Successful exploitation could lead to information disclosure or arbitrary code execution, requiring an attacker to persuade a user to open a specially crafted .sym file.

Impact

Exploitation of this vulnerability could result in memory corruption, allowing for information disclosure or arbitrary code execution.

Remediation

Users are advised to upgrade to NI Circuit Design Suite 14.3.2 or later. The update can be obtained through NI Package Manager or the NI Software Downloads page.

Added: Sep 30, 2025, 4:17 PM

Updated: Sep 30, 2025, 4:17 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

7.5

exploitability

4.4

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

7.5

exploitability

4.4

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NI Circuit Design Suite Memory Corruption Vulnerability Allowing Information Disclosure or Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

NI Circuit Design Suite

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating