Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Vision Builder AI by NI

    CVE-2025-2450 (GCVE-0-2025-2450)

    Vulnerability from nvd – Published: 2025-03-18 13:18 – Updated: 2025-03-18 13:53
    VLAI
    Title
    NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability
    Summary
    NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VBAI files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22833.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-356 - Product UI does not Warn User of Unsafe Actions
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    NI Vision Builder AI Affected: 2023 Q3
    Create a notification for this product.
    Date Public
    2025-03-17 20:34
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2450",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-18T13:53:43.415243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T13:53:50.515Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Vision Builder AI",
              "vendor": "NI",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023 Q3"
                }
              ]
            }
          ],
          "dateAssigned": "2025-03-17T16:50:55.018Z",
          "datePublic": "2025-03-17T20:34:30.786Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of VBAI files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22833."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-356",
                  "description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-18T13:18:12.908Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-25-147",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-147/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "kimiya"
          },
          "title": "NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2025-2450",
        "datePublished": "2025-03-18T13:18:12.908Z",
        "dateReserved": "2025-03-17T16:50:54.949Z",
        "dateUpdated": "2025-03-18T13:53:50.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2450 (GCVE-0-2025-2450)

    Vulnerability from cvelistv5 – Published: 2025-03-18 13:18 – Updated: 2025-03-18 13:53
    VLAI
    Title
    NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability
    Summary
    NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VBAI files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22833.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-356 - Product UI does not Warn User of Unsafe Actions
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    NI Vision Builder AI Affected: 2023 Q3
    Create a notification for this product.
    Date Public
    2025-03-17 20:34
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2450",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-18T13:53:43.415243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T13:53:50.515Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Vision Builder AI",
              "vendor": "NI",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023 Q3"
                }
              ]
            }
          ],
          "dateAssigned": "2025-03-17T16:50:55.018Z",
          "datePublic": "2025-03-17T20:34:30.786Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of VBAI files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22833."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-356",
                  "description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-18T13:18:12.908Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-25-147",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-147/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "kimiya"
          },
          "title": "NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2025-2450",
        "datePublished": "2025-03-18T13:18:12.908Z",
        "dateReserved": "2025-03-17T16:50:54.949Z",
        "dateUpdated": "2025-03-18T13:53:50.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }