CVE-2025-64462
📋 TL;DR
An out-of-bounds read vulnerability in NI LabVIEW's LVResFile::RGetMemFileHandle() function when parsing corrupted VI files could lead to information disclosure or arbitrary code execution. Attackers need to trick users into opening specially crafted VI files. This affects NI LabVIEW 2025 Q3 (25.3) and earlier versions.
💻 Affected Systems
- NI LabVIEW
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary code execution with the privileges of the LabVIEW user, potentially leading to full system compromise.
Likely Case
Information disclosure through memory leaks or application crashes when users open malicious VI files.
If Mitigated
Limited impact if users only open trusted VI files from verified sources.
🎯 Exploit Status
Exploitation requires user interaction to open malicious VI files. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: NI LabVIEW 2025 Q4 (25.4) or later
Restart Required: Yes
Instructions:
1. Download and install NI LabVIEW 2025 Q4 (25.4) or later from NI website. 2. Restart the system after installation. 3. Verify the update was successful by checking the LabVIEW version.
🔧 Temporary Workarounds
Restrict VI file execution
allConfigure LabVIEW to only open VI files from trusted sources or require user confirmation for all VI files.
User awareness training
allTrain users to only open VI files from trusted sources and verify file integrity before opening.
🧯 If You Can't Patch
- Implement strict file access controls to prevent users from opening untrusted VI files.
- Use application whitelisting to restrict LabVIEW execution to specific trusted directories only.
🔍 How to Verify
Check if Vulnerable:
Check LabVIEW version via Help > About LabVIEW. If version is 2025 Q3 (25.3) or earlier, the system is vulnerable.Check Version:
On Windows: Open LabVIEW and navigate to Help > About LabVIEW. On command line: Not directly available.Verify Fix Applied:
Verify LabVIEW version is 2025 Q4 (25.4) or later via Help > About LabVIEW.📡 Detection & Monitoring
Log Indicators:
- LabVIEW crash logs with memory access violations
- Unexpected VI file parsing errors
Network Indicators:
- Unusual file downloads to LabVIEW systems
- VI files from untrusted sources
SIEM Query:
source="labview" AND (event="crash" OR event="memory_violation")