PatchSiren cyber security CVE debrief
CVE-2025-2633 NI CVE debrief
CVE-2025-2633 affects National Instruments LabVIEW 2025 Q1 and prior versions. CISA’s advisory describes an improper restriction of operations within the bounds of a memory buffer that may lead to invalid memory reads, information disclosure, and arbitrary code execution. National Instruments has released patches for affected products.
- Vendor
- NI
- Product
- LabVIEW
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-07-29
- Original CVE updated
- 2025-07-29
- Advisory published
- 2025-07-29
- Advisory updated
- 2025-07-29
Who should care
Organizations using National Instruments LabVIEW, especially environments running LabVIEW 2025 Q1 or earlier. This is most relevant to engineering, test, and industrial-control workflows where LabVIEW projects are deployed or maintained on operational systems.
Technical summary
CISA’s CSAF advisory for ICSA-25-210-01 identifies CVE-2025-2633 in National Instruments LabVIEW 2025 Q1 and prior versions. The issue is described as an improper restriction of operations within the bounds of a memory buffer, which may cause invalid memory reads. The vendor/advisory text also states the condition may allow information disclosure and arbitrary code execution. The supplied CVSS 3.1 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, with a score of 7.8 (High). National Instruments lists patches as available for the affected product family.
Defensive priority
High. The issue is publicly disclosed, rated High by CVSS, and has a vendor-provided patch path. Prioritize remediation on systems running affected LabVIEW versions, especially where the software is used in operational or engineering environments.
Recommended defensive actions
- Update National Instruments LabVIEW to a patched version provided for CVE-2025-2633.
- Verify whether any systems are running LabVIEW 2025 Q1 or earlier, including development workstations and deployed operational hosts.
- Treat the advisory’s information-disclosure and code-execution impact as security-relevant and assess exposed workflows accordingly.
- Use the National Instruments advisory and linked remediation guidance to confirm the correct fix for your product version.
- If immediate patching is not possible, restrict access to affected systems and limit interactive use to trusted operators until remediation is complete.
Evidence notes
Source evidence is limited to the supplied CISA CSAF advisory and official references. The advisory title is "National Instruments LabVIEW" with tracking ID ICSA-25-210-01 and initial publication on 2025-07-29T06:00:00Z. The affected product entry is "National Instruments LabVIEW: <=2025_Q1". The advisory text states: "LabVIEW 2025 Q1 and prior versions are affected by an improper restriction of operations within the bounds of a memory buffer vulnerability, which may allow a local attacker to disclose information and execute arbitrary code remotely, resulting in invalid memory reads." National Instruments remediation notes indicate patches are available and point to the vendor advisory.
Official resources
-
CVE-2025-2633 CVE record
CVE.org
-
CVE-2025-2633 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA in ICS Advisory ICSA-25-210-01 on 2025-07-29T06:00:00Z. No KEV listing was provided in the supplied data.