CVE-2025-2631

Name of the Vulnerable Software and Affected Versions: NI LabVIEW versions prior to 2025 Q1

Description: The issue is an out of bounds write vulnerability due to improper bounds checking in the InitCPUInformation() function. This may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI.

Recommendations: For versions prior to 2025 Q1, as a temporary workaround, consider restricting the use of the InitCPUInformation() function until a patch is available. Avoid opening specially crafted VIs from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.