GCVE - cpe:2.3:a:ni:flexlogger:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ni:flexlogger:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ni (`3f63e577-22ce-50bf-a016-4ac0c05111ef`)
Product	Flexlogger (`b785101d-7592-5360-ae80-59f62b50c393`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-2449`	vulnerable	2026-06-03 15:00:25.511283	NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability HIGH (7.8) NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of NI FlexLogger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of URI files by the usiReg component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-21805. Published: 2025-03-18T13:18:32.984Z Updated: 2025-03-18T13:52:36.096Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-25-146/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6122`	vulnerable	2026-06-03 14:58:01.943607	Incorrect Default Directory Permissions for NI SystemLink Redis Service MEDIUM (5.5) An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service. Published: 2024-07-22T19:27:10.034Z Updated: 2024-08-01T21:33:04.403Z Open on db.gcve.eu Reference links https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-default-directory-permissions-for-ni-systemlink-redis-service.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6121`	vulnerable	2026-06-03 14:58:01.939836	NI SystemLink Server Ships Out of Date Redis Version HIGH (7.8) An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service. Published: 2024-07-22T19:46:11.685Z Updated: 2024-08-01T21:33:05.149Z Open on db.gcve.eu Reference links https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/ni-systemlink-server-ships-out-of-date-redis-version.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-4044`	vulnerable	2026-06-03 14:57:14.613269	Deserialization of Untrusted Data Vulnerability in FlexLogger and InstrumentStudio HIGH (7.8) A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger 2024 Q1 and prior versions as well as NI InstrumentStudio 2024 Q1 and prior versions. Published: 2024-05-10T14:59:10.943Z Updated: 2024-08-01T20:26:57.269Z Open on db.gcve.eu Reference links https://ni.com/r/CVE-2024-4044	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1156`	vulnerable	2026-06-03 14:54:26.324999	Details available HIGH (7.8) Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges. Published: 2024-02-20T14:37:07.095Z Updated: 2024-08-26T16:53:40.189Z Open on db.gcve.eu Reference links https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1155`	vulnerable	2026-06-03 14:54:26.304510	Incorrect permissions for shared NI SystemLink Elixir based services HIGH (7.8) Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. Published: 2024-02-20T14:34:08.556Z Updated: 2024-08-01T18:26:30.614Z Open on db.gcve.eu Reference links https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-5136`	vulnerable	2026-06-03 14:53:47.721361	Incorrect Permission Assignment in the TopoGrafix DataPlugin for GPX MEDIUM (5.5) An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file. Published: 2023-11-08T15:24:10.867Z Updated: 2025-06-11T14:34:24.037Z Open on db.gcve.eu Reference links https://www.ni.com/en/support/documentation/supplemental/23/incorrect-permission-assignment-in-the-topografix-dataplug-for-gpx.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.