CVE-2025-7361
📋 TL;DR
A code injection vulnerability in NI LabVIEW allows arbitrary code execution when users open specially crafted VI files containing CIN nodes. This affects 32-bit LabVIEW 2025 Q1 and earlier versions. Attackers could gain full control of affected systems through malicious VI files.
💻 Affected Systems
- NI LabVIEW
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the LabVIEW host system, potentially leading to data theft, ransomware deployment, or lateral movement within networks.
Likely Case
Local privilege escalation or arbitrary code execution when users open malicious VI files from untrusted sources, potentially compromising engineering systems and intellectual property.
If Mitigated
Limited impact if users only open trusted VI files and systems are properly segmented, though risk remains from insider threats or supply chain attacks.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious VI file. Attackers need to craft specialized VI files with CIN nodes.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: LabVIEW 2025 Q2 or later
Restart Required: Yes
Instructions:
1. Download and install LabVIEW 2025 Q2 or later from NI website.
2. Uninstall previous vulnerable versions.
3. Restart system after installation.
🔧 Temporary Workarounds
Disable CIN node support
All platforms: Configure LabVIEW to block or warn about CIN nodes in VI files
Migrate to 64-bit LabVIEW
All platforms: Switch to 64-bit LabVIEW which does not support vulnerable CIN nodes
🧯 If You Can't Patch
- Restrict user permissions to prevent execution of arbitrary code
- Implement application whitelisting to block unauthorized VI file execution
🔍 How to Verify
Check if Vulnerable:
Check LabVIEW version in Help > About LabVIEW. If version is 2025 Q1 or earlier and 32-bit, system is vulnerable.
Check Version:
In LabVIEW: Help > About LabVIEW
Verify Fix Applied:
Verify LabVIEW version is 2025 Q2 or later. Confirm CIN nodes are properly validated in VI files.
📡 Detection & Monitoring
Log Indicators:
- Unusual process creation from LabVIEW.exe
- Failed attempts to load CIN nodes
- VI file execution from untrusted locations
Network Indicators:
- Outbound connections from LabVIEW to unexpected destinations
- File downloads to LabVIEW directories
SIEM Query:
Process Creation where Image contains 'labview.exe' AND CommandLine contains '.vi'
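The log indicators above can be turned into a small triage pass over process-creation records. The following is an added example, not part of the original advisory or any NI tooling; it assumes Sysmon-style field names (`Image`, `ParentImage`, `CommandLine`), a hypothetical trusted project directory, and constructed sample events.

```python
import re
from pathlib import PureWindowsPath

# Assumption: directories this site treats as trusted sources of VI files.
TRUSTED_VI_ROOTS = [PureWindowsPath(r"C:\Projects\Approved")]

# A quoted or unquoted path ending in .vi inside a command line.
VI_PATH = re.compile(r'"([^"]+\.vi)"|(\S+\.vi)(?=\s|$)', re.IGNORECASE)


def is_labview(image):
    """True when the executable's file name is LabVIEW.exe (case-insensitive)."""
    return PureWindowsPath(image or "").name.lower() == "labview.exe"


def vi_paths(command_line):
    """Extract every .vi path argument from a command line."""
    return [PureWindowsPath(q or u) for q, u in VI_PATH.findall(command_line or "")]


def is_trusted(path):
    """True when the path sits under a trusted root (Windows paths compare case-insensitively)."""
    return any(root == path or root in path.parents for root in TRUSTED_VI_ROOTS)


def classify(event):
    """Return the advisory's log indicators that one process-creation event matches."""
    findings = []
    # Indicator: process creation from LabVIEW.exe. Allowlist expected children before alerting.
    if is_labview(event.get("ParentImage")) and not is_labview(event.get("Image")):
        findings.append("child-process-of-labview")
    # Indicator: a VI file opened from a location outside the trusted roots.
    if is_labview(event.get("Image")):
        if any(not is_trusted(p) for p in vi_paths(event.get("CommandLine"))):
            findings.append("vi-from-untrusted-location")
    return findings


# Constructed sample events (not taken from any real host).
SAMPLE_EVENTS = [
    {"Image": r"C:\NI\LabVIEW.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\NI\LabVIEW.exe" "C:\Users\eng1\Downloads\filter.vi"'},
    {"Image": r"C:\NI\LabVIEW.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\NI\LabVIEW.exe" "C:\Projects\Approved\test rig\daq.vi"'},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\NI\LabVIEW.exe",
     "CommandLine": "cmd.exe /c dir"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(classify(ev), ev["CommandLine"])
```

Unlike the SIEM query above, which matches every LabVIEW launch with a `.vi` argument, this pass separates trusted from untrusted source paths and also covers the child-process indicator.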