Memory Corruption Vulnerability in NI LabVIEW Software
CVE-2025-7848

8.5HIGH

Key Information:

Vendor: Ni
Status: Labview
Vendor: CVE Published:; 29 July 2025

What is CVE-2025-7848?

A memory corruption issue exists in National Instruments' NI LabVIEW software due to improper input validation in the 'lvpict.cpp' component. This vulnerability could enable an attacker to execute arbitrary code on a user's system by tricking them into opening a specially crafted virtual instrument (VI). It affects NI LabVIEW versions 2025 Q1 and earlier, highlighting the importance of users keeping their software updated and being cautious with untrusted files.

Affected Version(s)

LabVIEW 0 <= 22.3.5

LabVIEW 23.0.0 <= 23.3.6

LabVIEW 24.0.0 <= 24.3.3

References

https://www.ni.com/en/support/security/available-critical...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2025
Vulnerability Reserved
Jul 18, 2025

Credit

Rocco Calvi (@TecR0c) with TecSecurity working with Trend Micro Zero Day Initiative

Ni

What is CVE-2025-7848?

Affected Version(s)

References

CVSS V4

Timeline

Credit