CVE-2025-64468
📋 TL;DR
A use-after-free vulnerability in NI LabVIEW's sentry!sentry_span_set_data() function when parsing corrupted VI files could allow information disclosure or arbitrary code execution. Attackers can exploit this by tricking users into opening specially crafted VI files. This affects NI LabVIEW 2025 Q3 (25.3) and earlier versions.
💻 Affected Systems
- NI LabVIEW
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary code execution with the privileges of the LabVIEW user, potentially leading to full system compromise.
Likely Case
Application crash or information disclosure from memory corruption, with code execution being possible but requiring specific conditions.
If Mitigated
Limited impact if users don't open untrusted VI files and LabVIEW runs with restricted privileges.
🎯 Exploit Status
Exploitation requires user interaction to open malicious VI file and understanding of LabVIEW file format corruption.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025 Q4 or later (check NI advisory for exact version)
Restart Required: Yes
Instructions:
1. Visit NI Software Update Service. 2. Check for available updates. 3. Install LabVIEW 2025 Q4 or later. 4. Restart system after installation.
🔧 Temporary Workarounds
Restrict VI file handling
allConfigure systems to prevent opening untrusted VI files and use application whitelisting.
🧯 If You Can't Patch
- Implement strict file handling policies to prevent opening untrusted VI files.
- Run LabVIEW with minimal user privileges and in isolated environments.
🔍 How to Verify
Check if Vulnerable:
Check LabVIEW version via Help > About LabVIEW. If version is 2025 Q3 (25.3) or earlier, system is vulnerable.Check Version:
On Windows: Check registry at HKEY_LOCAL_MACHINE\SOFTWARE\National Instruments\LabVIEW\CurrentVersionVerify Fix Applied:
Verify LabVIEW version is 2025 Q4 or later after patching.📡 Detection & Monitoring
Log Indicators:
- LabVIEW crash logs with memory access violations
- Unexpected process termination of LabVIEW.exe
Network Indicators:
- Unusual file transfers of VI files to users
SIEM Query:
Process:LabVIEW.exe AND (EventID:1000 OR ExceptionCode:c0000005)