PatchSiren cyber security CVE debrief
CVE-2025-2634 National Instruments CVE debrief
CVE-2025-2634 is a high-severity issue in National Instruments LabVIEW. According to the CISA CSAF advisory, LabVIEW 2024 Q3 and prior versions are affected by an improper restriction of operations within the bounds of a memory buffer, which may allow a local attacker to disclose information and execute arbitrary code remotely, resulting in invalid memory reads. NI states patches are available.
- Vendor: National Instruments
- Product: LabVIEW
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-07-29
- Original CVE updated: 2025-07-29
- Advisory published: 2025-07-29
- Advisory updated: 2025-07-29
Who should care
Organizations that use National Instruments LabVIEW, especially engineering, test, and industrial environments where LabVIEW is installed on operator, development, or maintenance workstations. Security teams supporting OT-adjacent systems should also pay attention because CISA published this as an ICS advisory.
Technical summary
The advisory describes a memory-bounds restriction weakness in LabVIEW. The provided CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a low-complexity issue that requires user interaction and can have high confidentiality, integrity, and availability impact. The source advisory lists affected products as LabVIEW 2024 Q3 and prior versions, while the CSAF product tree also labels the affected product entry as National Instruments LabVIEW: <=2025_Q1.
Defensive priority
High for systems that run LabVIEW, but not an emergency patch item based on the supplied data because exploitation requires local access and user interaction, and the advisory is not marked as KEV. Prioritize systems exposed to broader engineering or OT workflows and any endpoint where LabVIEW is installed.
Recommended defensive actions
- Apply the National Instruments patches referenced in the advisory for CVE-2025-2634.
- Inventory LabVIEW installations and confirm whether any systems are running affected versions.
- Review National Instruments' security update page and advisory for version-specific remediation guidance.
- Limit access to LabVIEW installations to trusted users and follow least-privilege principles on engineering workstations.
- Monitor affected systems for abnormal crashes, memory-read faults, or other signs of instability.
- Follow CISA industrial control system security best practices for layered defensive controls.
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-25-210-01 and its advisory text, which states that LabVIEW 2024 Q3 and prior versions are affected. The source metadata also includes National Instruments remediation references and a CVSS 3.1 vector of AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. No KEV entry is provided in the supplied corpus. There is a version-range inconsistency to note: the advisory prose says 2024 Q3 and prior versions, while the CSAF product tree entry names the affected product as National Instruments LabVIEW: <=2025_Q1.
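Because the two stated ranges disagree, an inventory check can sort installations into three groups rather than two. The following is an added example, not code from CISA, National Instruments or this debrief; the release-name format, the function names and the sample inventory are assumptions made for illustration.

```python
import re

# Upper bounds as quoted on this page (year, quarter).
PROSE_BOUND = (2024, 3)      # advisory prose: "LabVIEW 2024 Q3 and prior versions"
CSAF_TREE_BOUND = (2025, 1)  # CSAF product tree: "<=2025_Q1"

# Assumed release-name format: a four-digit year, optionally followed by Q1..Q4.
_RELEASE_RE = re.compile(r"(?<!\d)(20\d{2})(?!\d)(?:[ _]?Q([1-4]))?", re.IGNORECASE)


def parse_release(text):
    """Return (year, quarter) or None. A year with no quarter is read as Q1,
    so an imprecise inventory entry is flagged rather than silently cleared."""
    match = _RELEASE_RE.search(text)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2) or 1)


def classify(version_text):
    """Map one inventory version string to a triage status."""
    release = parse_release(version_text)
    if release is None:
        return "unknown"               # check the host by hand
    if release <= PROSE_BOUND:
        return "affected"              # inside both stated ranges
    if release <= CSAF_TREE_BOUND:
        return "review"                # only the product tree range covers it
    return "outside_stated_range"      # confirm against NI's own guidance


def triage(inventory):
    """inventory: iterable of (host, version string) -> {host: status}."""
    return {host: classify(version) for host, version in inventory}


# Constructed sample inventory; host names and strings are illustrative only.
SAMPLE_INVENTORY = [
    ("eng-ws-01", "LabVIEW 2023 Q1"),
    ("eng-ws-02", "LabVIEW 2024 Q3 (64-bit)"),
    ("test-rig-07", "LabVIEW 2025 Q1"),
    ("maint-lt-03", "LabVIEW 2025 Q3"),
    ("hmi-dev-11", "build 7f3a"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts marked `review` fall in the gap between the two ranges and should be checked against the vendor's version-specific remediation guidance before being treated as unaffected.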
Official resources
- CVE-2025-2634 CVE record (CVE.org)
- CVE-2025-2634 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the advisory and CVE record on 2025-07-29 UTC. The supplied corpus does not indicate KEV listing or ransomware campaign use.