CVE-2025-64466

EUVD-2025-204276
There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost() when parsing a corrupted VI file.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NICNA
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
nilabview
𝑥
≤ 22.3.6
CNA
nilabview
23.1.0 ≤
𝑥
≤ 23.3.7
CNA
nilabview
24.1.0 ≤
𝑥
≤ 24.3.4
CNA
nilabview
25.1.0 ≤
𝑥
≤ 25.3.2
CNA
Common Weakness Enumeration
References
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html