PatchSiren cyber security CVE debrief
CVE-2025-64462 National Instruments CVE debrief
National Instruments LabVIEW contains an out-of-bounds read vulnerability in the LVResFile::RGetMemFileHandle() function that is triggered when a corrupted VI (Virtual Instrument) file is opened. The vulnerability, published December 18, 2025, carries a CVSS 3.1 score of 7.8 (HIGH severity). Successful exploitation requires user interaction: a victim must be convinced to open a maliciously crafted VI file. The impact scope includes potential information disclosure and arbitrary code execution. The attack vector is local, with low attack complexity and no privileges required. This vulnerability affects multiple LabVIEW versions from 2022 through 2025; LabVIEW 2021 is no longer in mainstream support. National Instruments has released patched versions for supported releases.
- Vendor
- National Instruments
- Product
- LabVIEW
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-12-18
- Original CVE updated
- 2025-12-18
- Advisory published
- 2025-12-18
- Advisory updated
- 2025-12-18
Who should care
Organizations using National Instruments LabVIEW in engineering, test, measurement, and industrial automation environments. Particular attention is needed where LabVIEW integrates with operational technology (OT) networks or processes untrusted VI files from external sources. Security teams supporting engineering workstations and development environments should prioritize patching given the arbitrary code execution potential.
Technical summary
The vulnerability exists in LVResFile::RGetMemFileHandle() during VI file parsing. Insufficient bounds checking on corrupted VI file structures permits out-of-bounds memory reads. The local attack vector requires user interaction to open a crafted file, but successful exploitation yields high-impact outcomes: confidentiality, integrity, and availability compromise. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) reflects local attack surface with high impact potential. Multiple LabVIEW versions across the 2022-2025 release cycle are affected; vendor patches are available for all supported versions. LabVIEW 2021 has reached end-of-mainstream-support status and requires upgrade planning.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade LabVIEW 2025 installations to LabVIEW 2025 Q3 Patch 3 or later via NI Package Manager or Software Downloads
- Upgrade LabVIEW 2024 installations to LabVIEW 2024 Q3 Patch 5 or later via NI Package Manager or Software Downloads
- Upgrade LabVIEW 2023 installations to LabVIEW 2023 Q3 Patch 8 or later via NI Package Manager or Software Downloads
- Upgrade LabVIEW 2022 installations to LabVIEW 2022 Q3 Patch 7 or later via NI Package Manager or Software Downloads
- Plan migration away from LabVIEW 2021, which is no longer in mainstream support and will not receive security patches
- Implement email filtering and user awareness training to reduce risk of social engineering attacks delivering malicious VI files
- Apply defense-in-depth controls including network segmentation for systems running LabVIEW in operational technology environments
- Restrict execution of untrusted VI files through application whitelisting where feasible
Evidence notes
Vulnerability details sourced from CISA ICS Advisory ICSA-25-352-03. CVSS vector confirmed as CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Vendor fix information and end-of-life status for LabVIEW 2021 extracted from CSAF remediation data.
Official resources
- CVE-2025-64462 CVE record (CVE.org)
- CVE-2025-64462 NVD detail (NVD)
- Source item URL: cisa_csaf
- Source reference (Reference)
2025-12-18