Memory Corruption Vulnerability in NI Circuit Design Suite by National Instruments
CVE-2025-6033

8.5HIGH

Key Information:

Vendor: Ni
Status: Circuit Design Suite
Vendor: CVE Published:; 30 September 2025

What is CVE-2025-6033?

A memory corruption vulnerability exists in the NI Circuit Design Suite, triggered by an out-of-bounds write in the XML_Serialize() function when using the SymbolEditor tool. This flaw could allow malicious actors to execute arbitrary code or gain unauthorized access to sensitive information, provided they convince a user to open a specially crafted .sym file. The vulnerability impacts NI Circuit Design Suite versions 14.3.1 and earlier.

Affected Version(s)

Circuit Design Suite 0 <= 14.3.1

References

https://www.ni.com/en/support/security/available-critical...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2025
Vulnerability Reserved
Jun 12, 2025

Credit

Michael Heinzl working with CISA

JSON

Ni

What is CVE-2025-6033?

Affected Version(s)

References

CVSS V4

Timeline

Credit