PT-2025-15843 · National Instruments · Ni Labview
Michael Heinzl
·
Published
2025-04-09
·
Updated
2025-08-18
·
CVE-2025-2632
CVSS v4.0
8.5
High
| Vector | AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
NI LabVIEW versions prior to 2025 Q1
Description:
The issue is an out of bounds write vulnerability due to improper bounds checking in NI LabVIEW when reading CPU info from cache. This may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI.
Recommendations:
For versions prior to 2025 Q1, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the execution of specially crafted VIs to minimize the risk of exploitation.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ni Labview