CVE-2025-12097

8.7HIGH

Key Information:

Vendor: Ni
Status: Labview
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-12097?

There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure. Successful exploitation requires an attacker to send a specially crafted request to the NI System Web Server, allowing the attacker to read arbitrary files. This vulnerability existed in the NI System Web Server 2012 and prior versions. It was fixed in 2013.

Affected Version(s)

LabVIEW 9.0.0 <= 12.*

References

https://www.ni.com/en/support/security/available-critical...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Oct 22, 2025

JSON

Ni

What is CVE-2025-12097?

Affected Version(s)

References

CVSS V4

Timeline