CVE-2025-2450
Published: 18 March 2025
Description
An adversary may rely upon a user opening a malicious file in order to gain execution.
Security Summary
CVE-2025-2450 is a remote code execution vulnerability in NI Vision Builder AI, stemming from missing warnings during VBAI file processing. The flaw allows dangerous scripts to be executed without notifying the user on affected installations of the software. It was originally tracked as ZDI-CAN-22833 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), with associated CWEs CWE-356 (Product UI Does Not Warn User of Unsafe Actions) and NVD-CWE-noinfo.
Remote attackers can exploit this vulnerability by inducing a target user to visit a malicious web page or open a malicious VBAI file, as user interaction is required. No privileges are needed on the attacker's part, and successful exploitation enables arbitrary code execution in the context of the current user, potentially leading to high confidentiality, integrity, and availability impacts.
The Zero Day Initiative has published an advisory with additional details at https://www.zerodayinitiative.com/advisories/ZDI-25-147/. Security practitioners should consult this reference for recommended mitigations or patches.
AI Security Analysis
- AI Category: Computer Vision
- Risk Domain: Not Applicable
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: NI Vision Builder AI is a software tool for machine vision applications that uses AI for image processing and analysis, so it fits the Computer Vision category directly.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables remote code execution without warning when a user visits a malicious page (T1189, T1203, T1204.001) or opens a malicious VBAI file (T1203, T1204.002).