CVE-2025-2450 · HIGH 8.8 · EPSS p37.7%

Description

NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VBAI files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22833.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.48% probability of exploitation · percentile 37.7% · 2026-06-19T12:03:05Z
Published: 2025-03-18
Last modified: 2025-08-18

Underlying weaknesses · 1

CWE-356

References

  1. https://www.zerodayinitiative.com/advisories/ZDI-25-147/

Type | Target | Confidence | Tier
Weakness | Product UI does not Warn User of Unsafe Actions (cwe-356) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-55319
  2. CVE: CVE-2025-2449
  3. CVE: CVE-2025-46068
  4. CVE: Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability
  5. CVE: CVE-2025-23251
  6. CVE: CVE-2025-44022

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.