PatchSiren

CVE-2025-64468 National Instruments CVE debrief

National Instruments LabVIEW contains a use-after-free vulnerability that triggers when opening a corrupted VI (Virtual Instrument) file. An attacker can exploit this by convincing a user to open a specially crafted VI file, potentially leading to arbitrary code execution. The vulnerability requires local access and user interaction, with a CVSS 3.1 score of 7.8 (HIGH). CISA published advisory ICSA-25-352-03 on December 18, 2025, coordinating disclosure with National Instruments.

Vendor: National Instruments
Product: LabVIEW
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-12-18
Original CVE updated: 2025-12-18
Advisory published: 2025-12-18
Advisory updated: 2025-12-18

Who should care

Organizations using National Instruments LabVIEW in engineering, test, measurement, and industrial automation environments should care. This is particularly critical for environments where VI files may be shared between users or obtained from external sources. The CVE was not listed in CISA KEV at time of publication.

Technical summary

A use-after-free condition exists in LabVIEW's VI file parsing logic. When processing a malformed or corrupted VI file, memory is freed and subsequently accessed, creating conditions for arbitrary code execution. The vulnerability is triggered through user interaction (opening a malicious file) and executes with the privileges of the LabVIEW process.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade affected LabVIEW installations to patched versions: LabVIEW 2025 Q3 Patch 3 or later, LabVIEW 2024 Q3 Patch 5 or later, LabVIEW 2023 Q3 Patch 8 or later, or LabVIEW 2022 Q3 Patch 7 or later. LabVIEW 2021 is notin
  • Implement application whitelisting to prevent execution of untrusted VI files.
  • Train users to avoid opening VI files from untrusted sources and to verify file origins before opening.
  • Apply defense-in-depth strategies for industrial control systems environments per CISA guidance.

Evidence notes

Source: CISA CSAF advisory ICSA-25-352-03. CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Attack vector requires local access with user interaction (opening a malicious VI file).

Official resources

Coordinated disclosure via CISA ICS advisory ICSA-25-352-03 published December 18, 2025.