CVE-2025-12097

HIGH 7.5

Relative Path Traversal Vulnerability in NI System Web Server

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure. Successful exploitation requires an attacker to send a specially crafted request to the NI System Web Server, allowing the attacker to read arbitrary files. This vulnerability existed in the NI System Web Server 2012 and prior versions. It was fixed in 2013.

CWE	CWE-23
Vendor	ni
Product	labview
Published	Dec 4, 2025
Last Updated	Feb 25, 2026

Stay Ahead of the Next One

Get instant alerts for ni labview

Be the first to know when new high vulnerabilities affecting ni labview are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

NI / LabVIEW

9.0.0 ≤ 12.*

References

NVD ↗ CVE.org ↗ EPSS Data ↗

ni.com: https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/relative-path-traversal-vulnerability-in-ni-system-web-server.html