Deserialization Vulnerability in NI G Web Development Software
CVE-2024-12742

8.4HIGH

Key Information:

Vendor: Ni
Status: G Web Development Software
Vendor: CVE Published:; 6 March 2025

What is CVE-2024-12742?

A deserialization vulnerability has been identified in NI G Web Development Software that allows for potential arbitrary code execution. This security flaw arises when an attacker persuades a user to open a maliciously crafted project file. The vulnerability impacts versions released up to and including the 2022 Q3 update. It is crucial for users of NI G Web Development Software to be aware of this risk and adopt necessary security measures to mitigate potential exploitation.

Affected Version(s)

G Web Development Software Windows 0 <= 22.3.1

References

https://www.ni.com/en/support/security/available-critical...

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2025
Vulnerability Reserved
Dec 17, 2024

Credit

kimiya working with Trend Micro Zero Day Initiative

Ni

What is CVE-2024-12742?

Affected Version(s)

References

CVSS V4

Timeline

Credit