What is the severity of CVE-2025-2450?

CVE-2025-2450 is classified as a remote code execution vulnerability, which is considered high severity due to the potential for arbitrary code execution.

How do I fix CVE-2025-2450?

To fix CVE-2025-2450, update NI Vision Builder AI to the latest version that includes security patches addressing this vulnerability.

What products are affected by CVE-2025-2450?

CVE-2025-2450 affects installations of NI Vision Builder AI.

Is user interaction required to exploit CVE-2025-2450?

Yes, user interaction is required to exploit CVE-2025-2450, as the attacker needs the user to perform specific actions.

Can CVE-2025-2450 lead to data loss?

While CVE-2025-2450 primarily allows arbitrary code execution, it can potentially lead to data loss depending on the nature of the executed code.

Vulnerability/
CVE-2025-2450

high

7.8

CWE

356

18/3/2025

CVE-2025-2450: (0Day) NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability

First published: Tue Mar 18 2025(Updated: )

NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VBAI files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22833.

Credit: zdi-disclosures@trendmicro.com

Affected Software	Affected Version	How to fix
NI Vision software
NI Vision

Never miss a vulnerability like this again

Reference Links

https://www.zerodayinitiative.com/advisories/ZDI-25-147/

Frequently Asked Questions

What is the severity of CVE-2025-2450?
CVE-2025-2450 is classified as a remote code execution vulnerability, which is considered high severity due to the potential for arbitrary code execution.
How do I fix CVE-2025-2450?
To fix CVE-2025-2450, update NI Vision Builder AI to the latest version that includes security patches addressing this vulnerability.
What products are affected by CVE-2025-2450?
CVE-2025-2450 affects installations of NI Vision Builder AI.
Is user interaction required to exploit CVE-2025-2450?
Yes, user interaction is required to exploit CVE-2025-2450, as the attacker needs the user to perform specific actions.
Can CVE-2025-2450 lead to data loss?
While CVE-2025-2450 primarily allows arbitrary code execution, it can potentially lead to data loss depending on the nature of the executed code.

agent/weakness
agent/type
agent/references
agent/first-publish-date
agent/title
agent/description
agent/softwarecombine
collector/zdi-advisory
source/ZDI
alias/ZDI-25-147
alias/ZDI-CAN-22833
alias/CVE-2025-2450
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/last-modified-date
agent/author
agent/source
agent/severity
agent/event
agent/tags
collector/mitre-cve
source/MITRE
agent/guess-ai
vendor/ni
canonical/ni vision software
vendor/national instruments
canonical/ni vision

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.