CVE-2025-30417

Name of the Vulnerable Software and Affected Versions: NI Circuit Design Suite versions 14.3.0 and prior versions

Description: The issue is due to a memory corruption vulnerability caused by an out of bounds write in Library!DecodeBase64() when using the SymbolEditor. This may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file.

Recommendations: For NI Circuit Design Suite versions 14.3.0 and prior, update to a version later than 14.3.0 to resolve the issue. As a temporary workaround, consider avoiding the use of the SymbolEditor with untrusted .sym files until a patch is available. Restrict access to the Library!DecodeBase64() function to minimize the risk of exploitation.