CVE-2025-64467
📋 TL;DR
An out-of-bounds read vulnerability in NI LabVIEW's LVResFile::FindRsrcListEntry() function when parsing corrupted VI files could allow information disclosure or arbitrary code execution. Attackers could exploit this by tricking users into opening specially crafted VI files. This affects NI LabVIEW 2025 Q3 (25.3) and earlier versions.
💻 Affected Systems
- NI LabVIEW
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary code execution with the privileges of the LabVIEW user, potentially leading to full system compromise.
Likely Case
Information disclosure or application crash when users open malicious VI files from untrusted sources.
If Mitigated
Limited impact if users only open trusted VI files and proper access controls are in place.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious VI file. No public exploit code is currently known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: NI LabVIEW 2025 Q4 or later
Restart Required: Yes
Instructions:
1. Download and install NI LabVIEW 2025 Q4 or later from NI's official website. 2. Restart the system after installation. 3. Verify the update was successful by checking the LabVIEW version.
🔧 Temporary Workarounds
Restrict VI file execution
allConfigure LabVIEW to only open VI files from trusted sources and locations.
User awareness training
allTrain users to only open VI files from trusted sources and verify file integrity.
🧯 If You Can't Patch
- Restrict LabVIEW usage to trusted users only and monitor for suspicious file openings.
- Implement application whitelisting to prevent execution of unauthorized VI files.
🔍 How to Verify
Check if Vulnerable:
Check LabVIEW version via Help > About LabVIEW. If version is 2025 Q3 (25.3) or earlier, the system is vulnerable.Check Version:
On Windows: Open LabVIEW and navigate to Help > About LabVIEW. On Linux/macOS: Check the LabVIEW application properties or about dialog.Verify Fix Applied:
After updating, verify the LabVIEW version is 2025 Q4 or later via Help > About LabVIEW.📡 Detection & Monitoring
Log Indicators:
- LabVIEW crash logs when opening VI files
- Unexpected memory access errors in application logs
Network Indicators:
- Unusual file downloads to LabVIEW systems
- Network transfers of VI files from untrusted sources
SIEM Query:
source="labview" AND (event="crash" OR event="memory_error") AND file_extension="vi"