Login Sign Up

CVE-2025-64463

7.8 HIGH

📋 TL;DR

An out-of-bounds read vulnerability in NI LabVIEW's LVResource::DetachResource() function when parsing corrupted VI files could lead to information disclosure or arbitrary code execution. Attackers must trick users into opening specially crafted VI files. This affects NI LabVIEW 2025 Q3 (25.3) and all prior versions.

💻 Affected Systems

Products:
  • NI LabVIEW
Versions: 2025 Q3 (25.3) and all prior versions
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All LabVIEW installations with affected versions are vulnerable when parsing VI files.

📦 What is this software?

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

Labview by Ni

View all CVEs affecting Labview →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution with the privileges of the LabVIEW user, potentially leading to full system compromise.

🟠

Likely Case

Information disclosure through memory leaks or application crashes when users open malicious VI files.

🟢

If Mitigated

Limited impact if users only open trusted VI files from verified sources.

🌐 Internet-Facing: LOW - Exploitation requires user interaction with malicious files, not directly network-exposed.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious VI files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious VI files. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: NI LabVIEW 2025 Q4 (25.4) or later

Vendor Advisory: https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html

Restart Required: Yes

Instructions:

1. Download NI LabVIEW 2025 Q4 (25.4) or later from NI website
2. Run the installer with administrative privileges
3. Follow installation prompts
4. Restart the system after installation completes

🔧 Temporary Workarounds

Restrict VI file execution

all

Configure LabVIEW to only open VI files from trusted locations or require user confirmation for all VI files.

User awareness training

all

Train users to only open VI files from trusted sources and verify file integrity before opening.

🧯 If You Can't Patch

  • Implement application whitelisting to restrict execution of LabVIEW to trusted locations only.
  • Use endpoint protection software configured to detect and block malicious VI files.

🔍 How to Verify

Check if Vulnerable:

Check LabVIEW version via Help > About LabVIEW. If version is 25.3 or earlier, the system is vulnerable.

Check Version:

On Windows: "C:\Program Files\National Instruments\LabVIEW 2025\LabVIEW.exe" /version

Verify Fix Applied:

Verify LabVIEW version is 25.4 or later via Help > About LabVIEW after patching.

📡 Detection & Monitoring

Log Indicators:

  • LabVIEW crash logs with memory access violations
  • Unexpected LabVIEW process termination events

Network Indicators:

  • Unusual outbound connections from LabVIEW process after opening VI files

SIEM Query:

source="labview.log" AND (event="crash" OR event="access_violation")

📊 Metadata

CVE ID: CVE-2025-64463
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-125
EPSS Score: 0.02% exploit probability (3.8th percentile)
Published: December 18, 2025
Last Updated: December 24, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-64463, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)