CVE-2025-10203
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-09-16

Assigner: National Instruments

Description
Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DWF3WORK file. This vulnerability affects Digilent WaveForms 3.24.3 and prior versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-09-16
Generated
2026-06-16
AI Q&A
2025-09-15
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10203
EUVD
EUVD-2025-29220
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
digilent waveforms 3.24.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-23 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a relative path traversal flaw in Digilent WaveForms software (version 3.24.3 and earlier) caused by improper input validation. An attacker can create a specially crafted .DWF3WORK file that, when opened by a user, allows arbitrary code execution on the affected system. Exploitation requires the user to open the malicious file. [1]

Impact Analysis

If exploited, this vulnerability can lead to arbitrary code execution, which means an attacker could run malicious code on your system. This can compromise the confidentiality, integrity, and availability of your data and system, potentially leading to data loss, unauthorized access, or system disruption. [1]

Detection Guidance

Detection involves monitoring for the presence or opening of specially crafted .DWF3WORK files, as exploitation requires user interaction with such files. You can search for .DWF3WORK files on your system using commands like 'find / -name "*.DWF3WORK"' on Unix/Linux systems or 'dir /s *.DWF3WORK' on Windows. Additionally, monitoring user activity or logs for attempts to open these files may help detect exploitation attempts. There are no specific detection commands provided in the resources. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading Digilent WaveForms to version 3.24.4 or later, as this version addresses the vulnerability. Additionally, avoid opening .DWF3WORK files from untrusted or unknown sources to prevent exploitation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10203. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart