CVE-2025-64464
📋 TL;DR
An out-of-bounds read vulnerability in NI LabVIEW's lvre!VisaWriteFromFile() function when parsing corrupted VI files could lead to information disclosure or arbitrary code execution. Attackers need to trick users into opening specially crafted VI files. This affects NI LabVIEW 2025 Q3 (25.3) and earlier versions.
💻 Affected Systems
- NI LabVIEW
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary code execution with the privileges of the LabVIEW user, potentially leading to full system compromise.
Likely Case
Information disclosure through memory leaks or application crashes when users open malicious VI files.
If Mitigated
Limited impact if users only open trusted VI files from verified sources.
🎯 Exploit Status
Exploitation requires user interaction to open malicious VI files; no known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check NI security advisory for latest patched version
Restart Required: Yes
Instructions:
1. Visit NI security advisory page. 2. Download and install latest LabVIEW update. 3. Restart system after installation.
🔧 Temporary Workarounds
Restrict VI file handling
allConfigure systems to only open VI files from trusted sources using application whitelisting.
🧯 If You Can't Patch
- Implement strict file handling policies to only open VI files from trusted sources.
- Use application sandboxing or virtualization for LabVIEW when handling untrusted files.
🔍 How to Verify
Check if Vulnerable:
Check LabVIEW version via Help > About LabVIEW; versions 25.3 and earlier are vulnerable.Check Version:
On Windows: Check Help > About in LabVIEW GUI; no direct CLI command available.Verify Fix Applied:
Verify LabVIEW version is updated beyond 25.3 and check NI advisory for specific patched version.📡 Detection & Monitoring
Log Indicators:
- LabVIEW crash logs with memory access violations
- Unexpected file parsing errors in application logs
Network Indicators:
- Unusual file downloads of VI files from untrusted sources
SIEM Query:
Search for LabVIEW process crashes or suspicious VI file access patterns.