Out of Bounds Write Vulnerability in NI LabVIEW
CVE-2025-64461

8.5HIGH

Key Information:

Vendor: Ni
Status: Labview
Vendor: CVE Published:; 18 December 2025

What is CVE-2025-64461?

An out of bounds write vulnerability exists in NI LabVIEW's mgocre_SH_25_3!RevBL() function while parsing corrupted VI files. Exploitation requires user interaction, as an attacker must convince the user to open a specially crafted VI file. Successful exploitation can lead to the disclosure of sensitive information or execution of arbitrary code, representing a significant risk for systems running this software.

Affected Version(s)

LabVIEW 0 <= 22.3.6

LabVIEW 23.1.0 <= 23.3.7

LabVIEW 24.1.0 <= 24.3.4

References

https://www.ni.com/en/support/security/available-critical...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Nov 4, 2025

Credit

Michael Heinzl working with CISA

JSON

Ni

What is CVE-2025-64461?

Affected Version(s)

References

CVSS V4

Timeline

Credit