CVE-2025-2450
Published: 18 March 2025
Summary
CVE-2025-2450 is a high-severity Product UI does not Warn User of Unsafe Actions (CWE-356) vulnerability in NI Vision Builder AI. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189). The CVE ranks in the top 32.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as Computer Vision and falls in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-2450 is a remote code execution vulnerability in NI Vision Builder AI that stems from a missing warning during VBAI file processing. The flaw permits execution of dangerous scripts without notifying the user, affects installations of the software, and carries a CVSS 3.1 score of 8.8.
Remote attackers can exploit the issue by supplying a malicious VBAI file or directing a target to a malicious page. Successful exploitation grants arbitrary code execution in the context of the current user, though user interaction is required to trigger the flaw.
The issue was reported as ZDI-CAN-22833 and is detailed in the Zero Day Initiative advisory ZDI-25-147. The EPSS score remains low, with a current value of 0.0052 and a peak of 0.0102.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7566
Vulnerability details
NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VBAI files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22833.
- CWE(s): CWE-356 (Product UI does not Warn User of Unsafe Actions)
AI Security Analysis
- AI Category: Computer Vision
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables remote code execution without warning when a user visits a malicious page (T1189, T1203, T1204.001) or opens a malicious VBAI file (T1203, T1204.002).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly remediates the VBAI file processing flaw by applying vendor patches that add the missing warning or block dangerous script execution.
- Deploys real-time malicious code scanning at file open points to detect and eradicate dangerous scripts in VBAI files before execution.
- SI-10 (Information Input Validation): Validates VBAI file inputs to prevent processing of dangerous scripts without user warning.