National Instruments Circuit Design Suite

Plan PatchCVSS 7.8ICS-CERT ICSA-25-273-06Sep 30, 2025

National Instruments

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

National Instruments Circuit Design Suite versions 14.3.1 and earlier contain memory corruption vulnerabilities (CWE-843, CWE-125) that could lead to information disclosure or arbitrary code execution. These vulnerabilities require local access and user interaction to exploit.

What this means

What could happen

An attacker with local access to a machine running Circuit Design Suite could exploit memory corruption to execute arbitrary code or steal sensitive information. This could compromise engineering workstations used to configure or monitor control systems.

Who's at risk

Engineering teams using National Instruments Circuit Design Suite for control system design, simulation, or testing. This primarily affects IT personnel managing EDA (Electronic Design Automation) workstations in utility and manufacturing environments that use NI tools for PLC/RTU design and commissioning.

How it could be exploited

An attacker would need local access to the Circuit Design Suite application (not remotely exploitable) and would need to trick a user into opening a malicious file or interacting with the application in a specific way to trigger the memory corruption, potentially leading to code execution on that workstation.

Prerequisites

Local access to the machine running Circuit Design Suite (not network-accessible)
User interaction required (e.g., opening a crafted file or triggering specific application behavior)

Memory corruption vulnerabilityArbitrary code execution potentialRequires local accessAffects engineering workstations

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (1)

ProductAffected VersionsFix Status

Circuit Design Suite: <=v14.3.1≤ v14.3.114.3.2

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate National Instruments Circuit Design Suite to version 14.3.2 or later using NI Package Manager or Software Downloads

CVEs (2)

CVE-2025-6033 CVE-2025-6034

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f6634f93-5851-49de-828d-6d863c0d179c

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.