CVE-2025-2450
Published: 18 March 2025
Summary
CVE-2025-2450 is a high-severity vulnerability in NI Vision Builder AI of type Product UI does not Warn User of Unsafe Actions (CWE-356). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189). The CVE is ranked in the top 33.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as Computer Vision, and its risk domain is Not Applicable.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the VBAI file processing flaw by applying vendor patches that add the missing warnings or block dangerous script execution.
- SI-3 (Malicious Code Protection): deploys real-time malicious code scanning at file open points to detect and eradicate dangerous scripts in VBAI files before execution.
- SI-10 (Information Input Validation): validates VBAI file inputs so that dangerous scripts are not processed without a user warning.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables remote code execution without warning when a user visits a malicious page (T1189 Drive-by Compromise, T1203 Exploitation for Client Execution, T1204.001 User Execution: Malicious Link) or opens a malicious VBAI file (T1203 Exploitation for Client Execution, T1204.002 User Execution: Malicious File).
NVD Description
NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VBAI files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22833.
Deeper analysis
CVE-2025-2450 is a remote code execution vulnerability in NI Vision Builder AI that stems from a missing user warning during VBAI file processing. The flaw allows dangerous scripts to execute on affected installations without notifying the user. It was originally tracked as ZDI-CAN-22833 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), with associated CWEs CWE-356 and NVD-CWE-noinfo.
Remote attackers can exploit this vulnerability by inducing a target user to visit a malicious web page or open a malicious VBAI file; user interaction is therefore required. No privileges are needed on the attacker's part, and successful exploitation yields arbitrary code execution in the context of the current user, with high confidentiality, integrity, and availability impact.
The Zero Day Initiative has published an advisory with additional details at https://www.zerodayinitiative.com/advisories/ZDI-25-147/. Security practitioners should consult this reference for recommended mitigations or patches.
Details
- CWE(s): CWE-356, NVD-CWE-noinfo
Affected Products
AI Security Analysis
- AI Category: Computer Vision
- Risk Domain: Not Applicable
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: NI Vision Builder AI is a software tool for machine vision applications that uses AI for image processing and analysis, so it fits the Computer Vision category directly.