CVE-2025-12097
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-08
Assigner: National Instruments
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| national_instruments | labview | 2009 |
| national_instruments | labview | 2010 |
| national_instruments | labview | 2011 |
| national_instruments | labview | 2012 |
| national_instruments | labview | 2013 |
| national_instruments | ni_system_web_server | 2012 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-23 (Relative Path Traversal) | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12097 is a relative path traversal vulnerability (CWE-23) in the NI System Web Server, a component shipped with several National Instruments products, including LabVIEW. A remote attacker can send a specially crafted request to the web server and read arbitrary files on the affected system without authenticating. The flaw is present in the 2012 release and earlier and was fixed in the 2013 release. [1]
How can this vulnerability impact me?
The vulnerability allows an unauthenticated remote attacker to read arbitrary files on the affected system, leading to unauthorized disclosure of sensitive information. Because it requires no privileges and no user interaction and has a high confidentiality impact, it poses a significant risk: configuration files, credentials, or project data exposed this way can be used to stage further attacks or a data breach. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection has two parts. First, determine whether NI System Web Server version 2012 or earlier is installed, since those versions are vulnerable; check the version of the NI System Web Server reported by the host's installed-software inventory. Second, monitor HTTP traffic and web-server logs for relative path traversal patterns aimed at the server: '../' sequences, their percent-encoded forms such as '%2e%2e/' and '%2e%2e%2f', and double-encoded forms such as '%252e%252e/'. Specific commands depend on your environment; on the host itself, 'netstat -an' (filtered for the web server's listening port) identifies the listening service, and 'curl' or 'wget' can be used to send a crafted request and confirm whether the server returns a file from outside its document root. Note that no explicit detection commands are provided in the resources. [1]
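The log-scanning part of the detection advice above, as an added example that is not part of the BaseFortify page or any National Instruments code. It assumes the web server writes Common Log Format access lines (the NI System Web Server's actual log format is not given on the page, so the sample lines below are constructed for illustration), decodes percent-encoding repeatedly to catch double-encoded payloads, and then walks the path segments to decide whether the request actually escapes the document root rather than merely containing a '..' that stays inside it.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [04/Dec/2025:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.7 - - [04/Dec/2025:10:01:05 +0000] "GET /../../windows/win.ini HTTP/1.1" 200 403
10.0.0.7 - - [04/Dec/2025:10:01:06 +0000] "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0
10.0.0.7 - - [04/Dec/2025:10:01:07 +0000] "GET /%252e%252e/secret.txt HTTP/1.1" 404 0
10.0.0.9 - - [04/Dec/2025:10:01:08 +0000] "GET /docs/../index.html HTTP/1.1" 200 512
"""

# Pulls method and request-target out of the quoted request field.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def decode_path(raw, rounds=3):
    """Strip the query string and percent-decode until stable (max `rounds`),
    so that %2e%2e and the double-encoded %252e%252e both become '..'.
    Backslashes are folded to '/' because Windows hosts accept either separator."""
    path = raw.split("?", 1)[0]
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def escapes_root(path):
    """Return True if walking the segments ever climbs above the document root.
    A plain normpath() would silently drop a leading '/..' and hide the attack."""
    depth = 0
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def classify(path):
    """'escape' if the path leaves the root, 'sequence' if it merely contains '..',
    None if it is clean."""
    if escapes_root(path):
        return "escape"
    if ".." in path:
        return "sequence"
    return None


def scan_log(text):
    """Return (client_ip, decoded_path, verdict) for every suspicious request."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        decoded = decode_path(m.group("path"))
        verdict = classify(decoded)
        if verdict:
            findings.append((line.split()[0], decoded, verdict))
    return findings


if __name__ == "__main__":
    for ip, path, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:8s} {ip:10s} {path}")
```

Requests classified as 'escape' are the ones worth treating as exploitation attempts against a vulnerable NI System Web Server; 'sequence' hits such as /docs/../index.html stay inside the root and are usually benign, but are still worth a look when they come from the same source as an escape attempt.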
What immediate steps should I take to mitigate this vulnerability?
Upgrade the NI System Web Server and the products that bundle it, such as LabVIEW, to the 2013 release or later, where the vulnerability is fixed. Until the upgrade is complete, apply defense in depth: do not expose affected systems directly to the Internet, place them behind a firewall or other network controls that restrict who can reach the web server's port, and provide remote access only through secure channels such as a VPN so that unauthorized clients cannot send requests to the server at all. [1]