Relative Path Traversal Vulnerability in Digilent WaveForms Software
CVE-2025-10203

8.5HIGH

Key Information:

Vendor: Digilent
Status: Waveforms
Vendor: CVE Published:; 15 September 2025

What is CVE-2025-10203?

A vulnerability in Digilent WaveForms arises from improper input validation, allowing for relative path traversal. This flaw can enable an attacker to execute arbitrary code if a user inadvertently opens a specially crafted .DWF3WORK file. Users of Digilent WaveForms version 3.24.3 and earlier should be aware of this potential risk.

Affected Version(s)

WaveForms 0 <= 3.24.3

References

https://www.ni.com/en/support/security/available-critical...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2025
Vulnerability Reserved
Sep 9, 2025

Credit

kimiya working with Trend Micro Zero Day Initiative