Out of Bounds Read Vulnerability in NI LabVIEW Products
CVE-2025-64467

8.5HIGH

Key Information:

Vendor: Ni
Status: Labview
Vendor: CVE Published:; 18 December 2025

What is CVE-2025-64467?

An out of bounds read vulnerability exists in NI LabVIEW within the LVResFile::FindRsrcListEntry() function when it attempts to parse a malformed VI file. This flaw could enable an attacker to gain unauthorized access to sensitive information or potentially execute arbitrary code. For effective exploitation, an attacker would need to trick a user into opening a specially crafted VI file. Affected versions include NI LabVIEW 2025 Q3 (25.3) and earlier, emphasizing the critical need for updates to protect against potential exploits.

Affected Version(s)

LabVIEW 0 <= 22.3.6

LabVIEW 23.1.0 <= 23.3.7

LabVIEW 24.1.0 <= 24.3.4

References

https://www.ni.com/en/support/security/available-critical...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Nov 4, 2025

Credit

Michael Heinzl working with CISA

JSON

Ni

What is CVE-2025-64467?

Affected Version(s)

References

CVSS V4

Timeline

Credit