PatchSiren cyber security CVE debrief
CVE-2025-64469 National Instruments CVE debrief
A stack-based buffer overflow vulnerability in National Instruments LabVIEW allows arbitrary code execution when a user opens a specially crafted VI file. The vulnerability was disclosed by CISA on December 18, 2025, with a CVSS 3.1 score of 7.8 (HIGH). Successful exploitation requires local access and user interaction—specifically, convincing a target to open a malicious VI file. National Instruments has released patched versions for supported LabVIEW releases (2022–2025), while LabVIEW 2021 is no longer in mainstream support and does not receive fixes. Organizations should prioritize upgrading to the specified patch levels and implement user awareness training to reduce social engineering risk.
- Vendor: National Instruments
- Product: LabVIEW
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-12-18
- Original CVE updated: 2025-12-18
- Advisory published: 2025-12-18
- Advisory updated: 2025-12-18
Who should care
Organizations using National Instruments LabVIEW in engineering, test, measurement, and industrial automation environments. Priority for environments where LabVIEW files are exchanged between users or obtained from external sources. Teams managing OT/ICS networks with LabVIEW deployments should assess exposure and apply patches during the next maintenance window.
Technical summary
CVE-2025-64469 is a stack-based buffer overflow in National Instruments LabVIEW triggered when opening a corrupted VI (Virtual Instrument) file. The vulnerability permits arbitrary code execution with the privileges of the user running LabVIEW. Attack complexity is low, but exploitation requires user interaction (opening a malicious file) and a local attack vector. CVSS 3.1: 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). National Instruments has released security patches for LabVIEW 2022 Q3, 2023 Q3, 2024 Q3, and 2025 Q3; LabVIEW 2021 is end-of-life and unpatched.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade LabVIEW 2025 installations to Q3 Patch 3 or later via NI Package Manager or Software Downloads.
- Upgrade LabVIEW 2024 installations to Q3 Patch 5 or later via NI Package Manager or Software Downloads.
- Upgrade LabVIEW 2023 installations to Q3 Patch 8 or later via NI Package Manager or Software Downloads.
- Upgrade LabVIEW 2022 installations to Q3 Patch 7 or later via NI Package Manager or Software Downloads.
- If running LabVIEW 2021, migrate to a supported release (2022 or later) as this version is not in mainstream support and will not receive security patches.
- Implement user awareness training to reduce risk of social engineering attacks that could lead to opening malicious VI files.
- Apply defense-in-depth controls per CISA ICS recommended practices for industrial control system environments.
Evidence notes
CISA CSAF advisory ICSA-25-352-03, published 2025-12-18, confirms a stack-based buffer overflow in LabVIEW when opening corrupted VI files, with arbitrary code execution impact. CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H yields 7.8. Vendor fix details specify patch levels for LabVIEW 2022–2025; LabVIEW 2021 is explicitly noted as not in mainstream support.
Official resources
- CVE-2025-64469 CVE record (CVE.org)
- CVE-2025-64469 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2025-12-18