CVE-2025-9189
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-10-09
Assigner: National Instruments
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ni | dasylab | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-1285 | The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out of bounds write caused by improper bounds checking when parsing a DSB file in Digilent DASYLab. It occurs because the software does not correctly verify the size of the destination address, which can be made very large by a specially crafted DSB file. This flaw can allow an attacker to execute arbitrary code if a user opens such a malicious file.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to arbitrary code execution on the affected system. This means an attacker could potentially run malicious code with the privileges of the user who opened the crafted DSB file, leading to data compromise, system control, or other harmful impacts.