PatchSiren cyber security CVE debrief
CVE-2025-30419 National Instruments CVE debrief
National Instruments Circuit Design Suite contains a high-severity out-of-bounds read in GetSymbolBorderRectSize() caused by improper input validation. According to the CISA advisory, a specially crafted SYM file opened by a user could lead to information disclosure or arbitrary code execution. National Instruments says to update to version 14.3.1 or later.
- Vendor
- National Instruments
- Product
- Circuit Design Suite
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-05-20
- Original CVE updated
- 2025-05-20
- Advisory published
- 2025-05-20
- Advisory updated
- 2025-05-20
Who should care
Administrators and users of National Instruments Circuit Design Suite, especially on workstations that open or process untrusted SYM files, should treat this as a priority patching item. Environments with broader file-sharing workflows or engineering content exchange are most exposed to the user-interaction aspect of this issue.
Technical summary
CVE-2025-30419 is an out-of-bounds read in GetSymbolBorderRectSize() within National Instruments Circuit Design Suite. The CISA CSAF advisory attributes the issue to improper input validation and lists affected product scope as National Instruments Circuit Design Suite version 14.3.0 and earlier. The reported impact includes information disclosure and possible arbitrary code execution. The supplied CVSS v3.1 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local execution context with required user interaction to open a crafted SYM file.
Defensive priority
High. This is a user-facing file parsing flaw with high-impact confidentiality, integrity, and availability ratings in the supplied vector. Prioritize patching affected installations and reduce exposure to untrusted SYM files until remediation is complete.
Recommended defensive actions
- Upgrade National Instruments Circuit Design Suite to version 14.3.1 or later.
- Identify systems running Circuit Design Suite version 14.3.0 or earlier and prioritize them for remediation.
- Limit exposure to untrusted or externally sourced SYM files until systems are updated.
- Use application and endpoint controls to reduce the likelihood of users opening unexpected engineering files.
- Review CISA and National Instruments security guidance linked in the advisory for vendor-specific remediation details.
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-25-140-02 for CVE-2025-30419, which states the affected product as National Instruments Circuit Design Suite <=14.3.0, describes the out-of-bounds read in GetSymbolBorderRectSize(), and recommends updating to 14.3.1 or later. The supplied source corpus also includes official reference links to the CVE record, CISA advisory page, and National Instruments security update page.
Official resources
-
CVE-2025-30419 CVE record
CVE.org
-
CVE-2025-30419 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the advisory and CVE record on 2025-05-20, with the source advisory showing an initial publication on the same date. No KEV listing was provided in the supplied data.