CVE-2025-30420

Name of the Vulnerable Software and Affected Versions: NI Circuit Design Suite versions 14.3.0 and prior

Description: The issue is due to a memory corruption vulnerability caused by an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor. This may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file.

Recommendations: For versions 14.3.0 and prior, update to a version later than 14.3.0 to resolve the issue. As a temporary workaround, consider avoiding the use of the SymbolEditor with untrusted .sym files until a patch is available. Restrict access to the Bitmap::InternalDraw() function to minimize the risk of exploitation.