Memory Corruption Vulnerability in NI LabVIEW
CVE-2025-7849

8.5HIGH

Key Information:

Vendor: Ni
Status: Labview
Vendor: CVE Published:; 29 July 2025

What is CVE-2025-7849?

A memory corruption vulnerability exists in NI LabVIEW due to improper error handling when a VILinkObj is null. This flaw may lead to arbitrary code execution if an attacker convinces a user to open a specially crafted VI. The affected versions include NI LabVIEW 2025 Q1 and earlier releases, highlighting the importance of timely security updates and user awareness.

Affected Version(s)

LabVIEW 0 <= 22.3.5

LabVIEW 23.0.0 <= 23.3.6

LabVIEW 24.0.0 <= 24.3.3

References

https://www.ni.com/en/support/security/available-critical...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2025
Vulnerability Reserved
Jul 18, 2025

Credit

Rocco Calvi (@TecR0c) with TecSecurity working with Trend Micro Zero Day Initiative

Ni

What is CVE-2025-7849?

Affected Version(s)

References

CVSS V4

Timeline

Credit