Memory Corruption Vulnerabilities in Digilent DASYLab

Created Sep 2, 2025

Overview

There are multiple vulnerabilities related to improper validation when parsing DSB files in Digilent DASYLab that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted DSB file. These vulnerabilities affect all versions of Digilent DASYLab.

These vulnerabilities are identified as CVE-2025-9188, CVE-2025-9189, CVE-2025-57774, CVE-2025-57775, CVE-2025-57776, CVE-2025-57777, and CVE-2025-57778.

Mitigation Guidance
Affected Products
CVSS Score
Further Information
Acknowledgements
Additional Resources

Mitigation Guidance

There are no fixes available for these issues. Digilent strongly recommends users practice good cyber awareness and avoid opening DSB files from any untrusted sources. These issues are not exploitable remotely.

Affected Products

CVSS Score

CVE-2025-9188 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-9188 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2025-9189 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-9189 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2025-57774 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-57774 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2025-57775 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-57775 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2025-57776 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-57776 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2025-57777 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-57777 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2025-57778 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-57778 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Further Information

At NI, we view the security of our products as an important part of our commitment to our customers. Go to ni.com/security to stay informed and act upon security alerts and issues.

Acknowledgements

Digilent would like to thank kimiya working with Trend Micro Zero Day Initiative for reporting this issue and working with us on coordinated disclosure.

Additional Resources

CVE-2025-9188 - National Vulnerability Database
CVE-2025-9189 - National Vulnerability Database
CVE-2025-57774 - National Vulnerability Database
CVE-2025-57775 - National Vulnerability Database
CVE-2025-57776 - National Vulnerability Database
CVE-2025-57777 - National Vulnerability Database
CVE-2025-57778 - National Vulnerability Database
CWE-1285 – Improper Validation of Specified Index, Position, or Offset in Input

Product Version	Mitigation
DASYLab – all versions	See above

Was this information helpful?

Yes