Search criteria
116 vulnerabilities found for LabVIEW by NI
FKIE_CVE-2025-64468
Vulnerability from fkie_nvd - Published: 2025-12-18 15:15 - Updated: 2025-12-24 15:11
Severity ?
Summary
There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
"matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
"matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "52CC3023-4913-40BA-B74C-786F32DC7551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "FC150E98-5889-4A65-84B8-E4871091D104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "85B3D429-4F3D-44CC-9304-837FB6D7E2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1FB7783C-FCB2-4564-98CF-F76F848E8E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "82EE4E24-D802-4F6A-82E3-125221C1609C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
"matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
"matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "329575A0-F12E-478B-9A83-F747D6A161AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "F25A1816-08CA-4467-8025-AD57562D7C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*",
"matchCriteriaId": "B282A345-3513-42FE-86C7-B38EA401CE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*",
"matchCriteriaId": "2619FCBC-4CE0-46D6-8536-CC68374CCFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
"matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*",
"matchCriteriaId": "5D99DCCD-511E-482E-8307-24382D1B621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "600A4905-B888-454F-9DF6-1C09FB71DBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AD79D082-AFF5-42CB-9D6C-12CF9A59D205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "3B759A99-F766-4FE4-A1FF-A2D5026A6BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "BC3DC6DA-16FA-443D-B050-23CB7EC6602E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*",
"matchCriteriaId": "FB0991CF-642F-46D2-9C47-9540347DC074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D776E6DE-2635-4172-B08D-B7FB2D1048F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*",
"matchCriteriaId": "55237E7D-9149-4204-A8FE-354CD2BC1220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*",
"matchCriteriaId": "FCD3C5B7-0060-453E-BA84-5FCA1BCF862C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*",
"matchCriteriaId": "2687359A-8469-4E4A-A0BA-0AC6CFDD0344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "4D80D557-E4E0-4EDD-95EC-6BA679C5E018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "93777929-90AB-4B5C-946B-7052B9DE91C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions"
}
],
"id": "CVE-2025-64468",
"lastModified": "2025-12-24T15:11:39.433",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@ni.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@ni.com",
"type": "Secondary"
}
]
},
"published": "2025-12-18T15:15:59.043",
"references": [
{
"source": "security@ni.com",
"tags": [
"Vendor Advisory",
"Mitigation"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"sourceIdentifier": "security@ni.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "security@ni.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-64469
Vulnerability from fkie_nvd - Published: 2025-12-18 15:15 - Updated: 2025-12-24 15:09
Severity ?
Summary
There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
"matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
"matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "52CC3023-4913-40BA-B74C-786F32DC7551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "FC150E98-5889-4A65-84B8-E4871091D104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "85B3D429-4F3D-44CC-9304-837FB6D7E2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1FB7783C-FCB2-4564-98CF-F76F848E8E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "82EE4E24-D802-4F6A-82E3-125221C1609C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
"matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
"matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "329575A0-F12E-478B-9A83-F747D6A161AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "F25A1816-08CA-4467-8025-AD57562D7C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*",
"matchCriteriaId": "B282A345-3513-42FE-86C7-B38EA401CE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*",
"matchCriteriaId": "2619FCBC-4CE0-46D6-8536-CC68374CCFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
"matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*",
"matchCriteriaId": "5D99DCCD-511E-482E-8307-24382D1B621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "600A4905-B888-454F-9DF6-1C09FB71DBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AD79D082-AFF5-42CB-9D6C-12CF9A59D205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "3B759A99-F766-4FE4-A1FF-A2D5026A6BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "BC3DC6DA-16FA-443D-B050-23CB7EC6602E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*",
"matchCriteriaId": "FB0991CF-642F-46D2-9C47-9540347DC074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D776E6DE-2635-4172-B08D-B7FB2D1048F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*",
"matchCriteriaId": "55237E7D-9149-4204-A8FE-354CD2BC1220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*",
"matchCriteriaId": "FCD3C5B7-0060-453E-BA84-5FCA1BCF862C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*",
"matchCriteriaId": "2687359A-8469-4E4A-A0BA-0AC6CFDD0344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "4D80D557-E4E0-4EDD-95EC-6BA679C5E018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "93777929-90AB-4B5C-946B-7052B9DE91C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"id": "CVE-2025-64469",
"lastModified": "2025-12-24T15:09:34.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@ni.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@ni.com",
"type": "Secondary"
}
]
},
"published": "2025-12-18T15:15:59.193",
"references": [
{
"source": "security@ni.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"sourceIdentifier": "security@ni.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "security@ni.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-64462
Vulnerability from fkie_nvd - Published: 2025-12-18 15:15 - Updated: 2025-12-24 15:10
Severity ?
Summary
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
"matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
"matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "52CC3023-4913-40BA-B74C-786F32DC7551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "FC150E98-5889-4A65-84B8-E4871091D104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "85B3D429-4F3D-44CC-9304-837FB6D7E2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1FB7783C-FCB2-4564-98CF-F76F848E8E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "82EE4E24-D802-4F6A-82E3-125221C1609C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
"matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
"matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "329575A0-F12E-478B-9A83-F747D6A161AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "F25A1816-08CA-4467-8025-AD57562D7C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*",
"matchCriteriaId": "B282A345-3513-42FE-86C7-B38EA401CE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*",
"matchCriteriaId": "2619FCBC-4CE0-46D6-8536-CC68374CCFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
"matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*",
"matchCriteriaId": "5D99DCCD-511E-482E-8307-24382D1B621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "600A4905-B888-454F-9DF6-1C09FB71DBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AD79D082-AFF5-42CB-9D6C-12CF9A59D205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "3B759A99-F766-4FE4-A1FF-A2D5026A6BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "BC3DC6DA-16FA-443D-B050-23CB7EC6602E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*",
"matchCriteriaId": "FB0991CF-642F-46D2-9C47-9540347DC074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D776E6DE-2635-4172-B08D-B7FB2D1048F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*",
"matchCriteriaId": "55237E7D-9149-4204-A8FE-354CD2BC1220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*",
"matchCriteriaId": "FCD3C5B7-0060-453E-BA84-5FCA1BCF862C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*",
"matchCriteriaId": "2687359A-8469-4E4A-A0BA-0AC6CFDD0344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "4D80D557-E4E0-4EDD-95EC-6BA679C5E018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "93777929-90AB-4B5C-946B-7052B9DE91C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"id": "CVE-2025-64462",
"lastModified": "2025-12-24T15:10:50.313",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@ni.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@ni.com",
"type": "Secondary"
}
]
},
"published": "2025-12-18T15:15:58.177",
"references": [
{
"source": "security@ni.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"sourceIdentifier": "security@ni.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security@ni.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-64466
Vulnerability from fkie_nvd - Published: 2025-12-18 15:15 - Updated: 2025-12-24 15:11
Severity ?
Summary
There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
"matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
"matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "52CC3023-4913-40BA-B74C-786F32DC7551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "FC150E98-5889-4A65-84B8-E4871091D104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "85B3D429-4F3D-44CC-9304-837FB6D7E2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1FB7783C-FCB2-4564-98CF-F76F848E8E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "82EE4E24-D802-4F6A-82E3-125221C1609C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
"matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
"matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "329575A0-F12E-478B-9A83-F747D6A161AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "F25A1816-08CA-4467-8025-AD57562D7C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*",
"matchCriteriaId": "B282A345-3513-42FE-86C7-B38EA401CE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*",
"matchCriteriaId": "2619FCBC-4CE0-46D6-8536-CC68374CCFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
"matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*",
"matchCriteriaId": "5D99DCCD-511E-482E-8307-24382D1B621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "600A4905-B888-454F-9DF6-1C09FB71DBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AD79D082-AFF5-42CB-9D6C-12CF9A59D205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "3B759A99-F766-4FE4-A1FF-A2D5026A6BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "BC3DC6DA-16FA-443D-B050-23CB7EC6602E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*",
"matchCriteriaId": "FB0991CF-642F-46D2-9C47-9540347DC074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D776E6DE-2635-4172-B08D-B7FB2D1048F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*",
"matchCriteriaId": "55237E7D-9149-4204-A8FE-354CD2BC1220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*",
"matchCriteriaId": "FCD3C5B7-0060-453E-BA84-5FCA1BCF862C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*",
"matchCriteriaId": "2687359A-8469-4E4A-A0BA-0AC6CFDD0344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "4D80D557-E4E0-4EDD-95EC-6BA679C5E018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "93777929-90AB-4B5C-946B-7052B9DE91C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"id": "CVE-2025-64466",
"lastModified": "2025-12-24T15:11:26.973",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@ni.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@ni.com",
"type": "Secondary"
}
]
},
"published": "2025-12-18T15:15:58.747",
"references": [
{
"source": "security@ni.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"sourceIdentifier": "security@ni.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security@ni.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-64463
Vulnerability from fkie_nvd - Published: 2025-12-18 15:15 - Updated: 2025-12-24 15:10
Severity ?
Summary
There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
"matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
"matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "52CC3023-4913-40BA-B74C-786F32DC7551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "FC150E98-5889-4A65-84B8-E4871091D104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "85B3D429-4F3D-44CC-9304-837FB6D7E2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1FB7783C-FCB2-4564-98CF-F76F848E8E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "82EE4E24-D802-4F6A-82E3-125221C1609C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
"matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
"matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "329575A0-F12E-478B-9A83-F747D6A161AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "F25A1816-08CA-4467-8025-AD57562D7C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*",
"matchCriteriaId": "B282A345-3513-42FE-86C7-B38EA401CE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*",
"matchCriteriaId": "2619FCBC-4CE0-46D6-8536-CC68374CCFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
"matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*",
"matchCriteriaId": "5D99DCCD-511E-482E-8307-24382D1B621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "600A4905-B888-454F-9DF6-1C09FB71DBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AD79D082-AFF5-42CB-9D6C-12CF9A59D205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "3B759A99-F766-4FE4-A1FF-A2D5026A6BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "BC3DC6DA-16FA-443D-B050-23CB7EC6602E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*",
"matchCriteriaId": "FB0991CF-642F-46D2-9C47-9540347DC074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D776E6DE-2635-4172-B08D-B7FB2D1048F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*",
"matchCriteriaId": "55237E7D-9149-4204-A8FE-354CD2BC1220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*",
"matchCriteriaId": "FCD3C5B7-0060-453E-BA84-5FCA1BCF862C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*",
"matchCriteriaId": "2687359A-8469-4E4A-A0BA-0AC6CFDD0344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "4D80D557-E4E0-4EDD-95EC-6BA679C5E018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "93777929-90AB-4B5C-946B-7052B9DE91C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"id": "CVE-2025-64463",
"lastModified": "2025-12-24T15:10:55.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@ni.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@ni.com",
"type": "Secondary"
}
]
},
"published": "2025-12-18T15:15:58.317",
"references": [
{
"source": "security@ni.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"sourceIdentifier": "security@ni.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security@ni.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-64467
Vulnerability from fkie_nvd - Published: 2025-12-18 15:15 - Updated: 2025-12-24 15:11
Severity ?
Summary
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
"matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
"matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "52CC3023-4913-40BA-B74C-786F32DC7551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "FC150E98-5889-4A65-84B8-E4871091D104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "85B3D429-4F3D-44CC-9304-837FB6D7E2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1FB7783C-FCB2-4564-98CF-F76F848E8E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "82EE4E24-D802-4F6A-82E3-125221C1609C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
"matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
"matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "329575A0-F12E-478B-9A83-F747D6A161AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "F25A1816-08CA-4467-8025-AD57562D7C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*",
"matchCriteriaId": "B282A345-3513-42FE-86C7-B38EA401CE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*",
"matchCriteriaId": "2619FCBC-4CE0-46D6-8536-CC68374CCFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
"matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*",
"matchCriteriaId": "5D99DCCD-511E-482E-8307-24382D1B621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "600A4905-B888-454F-9DF6-1C09FB71DBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AD79D082-AFF5-42CB-9D6C-12CF9A59D205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "3B759A99-F766-4FE4-A1FF-A2D5026A6BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "BC3DC6DA-16FA-443D-B050-23CB7EC6602E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*",
"matchCriteriaId": "FB0991CF-642F-46D2-9C47-9540347DC074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D776E6DE-2635-4172-B08D-B7FB2D1048F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*",
"matchCriteriaId": "55237E7D-9149-4204-A8FE-354CD2BC1220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*",
"matchCriteriaId": "FCD3C5B7-0060-453E-BA84-5FCA1BCF862C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*",
"matchCriteriaId": "2687359A-8469-4E4A-A0BA-0AC6CFDD0344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "4D80D557-E4E0-4EDD-95EC-6BA679C5E018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "93777929-90AB-4B5C-946B-7052B9DE91C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"id": "CVE-2025-64467",
"lastModified": "2025-12-24T15:11:29.063",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@ni.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@ni.com",
"type": "Secondary"
}
]
},
"published": "2025-12-18T15:15:58.893",
"references": [
{
"source": "security@ni.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"sourceIdentifier": "security@ni.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security@ni.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-64464
Vulnerability from fkie_nvd - Published: 2025-12-18 15:15 - Updated: 2025-12-24 15:11
Severity ?
Summary
There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
"matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
"matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "52CC3023-4913-40BA-B74C-786F32DC7551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "FC150E98-5889-4A65-84B8-E4871091D104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "85B3D429-4F3D-44CC-9304-837FB6D7E2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1FB7783C-FCB2-4564-98CF-F76F848E8E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "82EE4E24-D802-4F6A-82E3-125221C1609C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
"matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
"matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "329575A0-F12E-478B-9A83-F747D6A161AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "F25A1816-08CA-4467-8025-AD57562D7C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*",
"matchCriteriaId": "B282A345-3513-42FE-86C7-B38EA401CE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*",
"matchCriteriaId": "2619FCBC-4CE0-46D6-8536-CC68374CCFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
"matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*",
"matchCriteriaId": "5D99DCCD-511E-482E-8307-24382D1B621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "600A4905-B888-454F-9DF6-1C09FB71DBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AD79D082-AFF5-42CB-9D6C-12CF9A59D205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "3B759A99-F766-4FE4-A1FF-A2D5026A6BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "BC3DC6DA-16FA-443D-B050-23CB7EC6602E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*",
"matchCriteriaId": "FB0991CF-642F-46D2-9C47-9540347DC074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D776E6DE-2635-4172-B08D-B7FB2D1048F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*",
"matchCriteriaId": "55237E7D-9149-4204-A8FE-354CD2BC1220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*",
"matchCriteriaId": "FCD3C5B7-0060-453E-BA84-5FCA1BCF862C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*",
"matchCriteriaId": "2687359A-8469-4E4A-A0BA-0AC6CFDD0344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "4D80D557-E4E0-4EDD-95EC-6BA679C5E018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "93777929-90AB-4B5C-946B-7052B9DE91C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"id": "CVE-2025-64464",
"lastModified": "2025-12-24T15:11:02.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@ni.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@ni.com",
"type": "Secondary"
}
]
},
"published": "2025-12-18T15:15:58.457",
"references": [
{
"source": "security@ni.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"sourceIdentifier": "security@ni.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security@ni.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-64465
Vulnerability from fkie_nvd - Published: 2025-12-18 15:15 - Updated: 2025-12-24 15:11
Severity ?
Summary
There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
"matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
"matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "52CC3023-4913-40BA-B74C-786F32DC7551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "FC150E98-5889-4A65-84B8-E4871091D104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "85B3D429-4F3D-44CC-9304-837FB6D7E2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1FB7783C-FCB2-4564-98CF-F76F848E8E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "82EE4E24-D802-4F6A-82E3-125221C1609C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
"matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
"matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "329575A0-F12E-478B-9A83-F747D6A161AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "F25A1816-08CA-4467-8025-AD57562D7C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*",
"matchCriteriaId": "B282A345-3513-42FE-86C7-B38EA401CE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*",
"matchCriteriaId": "2619FCBC-4CE0-46D6-8536-CC68374CCFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
"matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*",
"matchCriteriaId": "5D99DCCD-511E-482E-8307-24382D1B621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "600A4905-B888-454F-9DF6-1C09FB71DBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AD79D082-AFF5-42CB-9D6C-12CF9A59D205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "3B759A99-F766-4FE4-A1FF-A2D5026A6BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "BC3DC6DA-16FA-443D-B050-23CB7EC6602E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*",
"matchCriteriaId": "FB0991CF-642F-46D2-9C47-9540347DC074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D776E6DE-2635-4172-B08D-B7FB2D1048F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*",
"matchCriteriaId": "55237E7D-9149-4204-A8FE-354CD2BC1220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*",
"matchCriteriaId": "FCD3C5B7-0060-453E-BA84-5FCA1BCF862C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*",
"matchCriteriaId": "2687359A-8469-4E4A-A0BA-0AC6CFDD0344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "4D80D557-E4E0-4EDD-95EC-6BA679C5E018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "93777929-90AB-4B5C-946B-7052B9DE91C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"id": "CVE-2025-64465",
"lastModified": "2025-12-24T15:11:06.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@ni.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@ni.com",
"type": "Secondary"
}
]
},
"published": "2025-12-18T15:15:58.600",
"references": [
{
"source": "security@ni.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"sourceIdentifier": "security@ni.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security@ni.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-64461
Vulnerability from fkie_nvd - Published: 2025-12-18 15:15 - Updated: 2025-12-24 15:10
Severity ?
Summary
There is an out of bounds write vulnerability in NI LabVIEW in mgocre_SH_25_3!RevBL() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
"matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
"matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "52CC3023-4913-40BA-B74C-786F32DC7551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "FC150E98-5889-4A65-84B8-E4871091D104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "85B3D429-4F3D-44CC-9304-837FB6D7E2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1FB7783C-FCB2-4564-98CF-F76F848E8E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "82EE4E24-D802-4F6A-82E3-125221C1609C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
"matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
"matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "329575A0-F12E-478B-9A83-F747D6A161AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "F25A1816-08CA-4467-8025-AD57562D7C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch7:*:*:*:*:*:*",
"matchCriteriaId": "B282A345-3513-42FE-86C7-B38EA401CE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:-:*:*:*:*:*:*",
"matchCriteriaId": "2619FCBC-4CE0-46D6-8536-CC68374CCFA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
"matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*",
"matchCriteriaId": "5D99DCCD-511E-482E-8307-24382D1B621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "600A4905-B888-454F-9DF6-1C09FB71DBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AD79D082-AFF5-42CB-9D6C-12CF9A59D205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "3B759A99-F766-4FE4-A1FF-A2D5026A6BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "BC3DC6DA-16FA-443D-B050-23CB7EC6602E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*",
"matchCriteriaId": "FB0991CF-642F-46D2-9C47-9540347DC074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D776E6DE-2635-4172-B08D-B7FB2D1048F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*",
"matchCriteriaId": "55237E7D-9149-4204-A8FE-354CD2BC1220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch3:*:*:*:*:*:*",
"matchCriteriaId": "FCD3C5B7-0060-453E-BA84-5FCA1BCF862C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3:*:*:*:*:*:*",
"matchCriteriaId": "2687359A-8469-4E4A-A0BA-0AC6CFDD0344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "4D80D557-E4E0-4EDD-95EC-6BA679C5E018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "93777929-90AB-4B5C-946B-7052B9DE91C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an out of bounds write vulnerability in NI LabVIEW in mgocre_SH_25_3!RevBL() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"id": "CVE-2025-64461",
"lastModified": "2025-12-24T15:10:44.850",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@ni.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@ni.com",
"type": "Secondary"
}
]
},
"published": "2025-12-18T15:15:58.020",
"references": [
{
"source": "security@ni.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"sourceIdentifier": "security@ni.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security@ni.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-7849
Vulnerability from fkie_nvd - Published: 2025-07-29 22:15 - Updated: 2025-08-19 15:43
Severity ?
Summary
A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ni | labview | * | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2022 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2023 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2024 | |
| ni | labview | 2025 | |
| ni | labview | 2025 | |
| ni | labview | 2025 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "807AE6D5-8096-47A2-A47D-1A5EFC85652D",
"versionEndIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
"matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
"matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "52CC3023-4913-40BA-B74C-786F32DC7551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "FC150E98-5889-4A65-84B8-E4871091D104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "85B3D429-4F3D-44CC-9304-837FB6D7E2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2022:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "1FB7783C-FCB2-4564-98CF-F76F848E8E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
"matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
"matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*",
"matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch5:*:*:*:*:*:*",
"matchCriteriaId": "329575A0-F12E-478B-9A83-F747D6A161AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch6:*:*:*:*:*:*",
"matchCriteriaId": "F25A1816-08CA-4467-8025-AD57562D7C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
"matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3:*:*:*:*:*:*",
"matchCriteriaId": "5D99DCCD-511E-482E-8307-24382D1B621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch1:*:*:*:*:*:*",
"matchCriteriaId": "600A4905-B888-454F-9DF6-1C09FB71DBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch2:*:*:*:*:*:*",
"matchCriteriaId": "AD79D082-AFF5-42CB-9D6C-12CF9A59D205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2024:q3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "3B759A99-F766-4FE4-A1FF-A2D5026A6BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1:*:*:*:*:*:*",
"matchCriteriaId": "FB0991CF-642F-46D2-9C47-9540347DC074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "D776E6DE-2635-4172-B08D-B7FB2D1048F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:2025:q1_patch2:*:*:*:*:*:*",
"matchCriteriaId": "55237E7D-9149-4204-A8FE-354CD2BC1220",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en NI LabVIEW debido a la gesti\u00f3n incorrecta de errores cuando un VILinkObj es nulo. Esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Para explotarla con \u00e9xito, un atacante debe obligar al usuario a abrir un VI especialmente manipulado. Esta vulnerabilidad afecta a NI LabVIEW 2025 Q1 y versiones anteriores."
}
],
"id": "CVE-2025-7849",
"lastModified": "2025-08-19T15:43:11.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@ni.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@ni.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T22:15:26.030",
"references": [
{
"source": "security@ni.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"sourceIdentifier": "security@ni.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1285"
}
],
"source": "security@ni.com",
"type": "Secondary"
}
]
}
CVE-2025-64469 (GCVE-0-2025-64469)
Vulnerability from cvelistv5 – Published: 2025-12-18 14:53 – Updated: 2025-12-19 04:55
VLAI?
Title
Stack-based Buffer Overflow in LVResource::DetachResource() in NI LabVIEW
Summary
There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-121 - - Stack-based Buffer Overflow
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:44.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-23",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-23 File Content Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 - Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:53:36.881Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack-based Buffer Overflow in\u00a0LVResource::DetachResource()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64469",
"datePublished": "2025-12-18T14:53:36.881Z",
"dateReserved": "2025-11-04T16:05:53.433Z",
"dateUpdated": "2025-12-19T04:55:44.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64468 (GCVE-0-2025-64468)
Vulnerability from cvelistv5 – Published: 2025-12-18 14:50 – Updated: 2025-12-19 04:55
VLAI?
Title
Use-after-Free in sentry!sentry_span_set_data() in NI LabVIEW
Summary
There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:43.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions\u003c/p\u003e"
}
],
"value": "There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions"
}
],
"impacts": [
{
"capecId": "CAPEC-23",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-23 File Content Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:50:02.888Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use-after-Free in\u00a0sentry!sentry_span_set_data()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64468",
"datePublished": "2025-12-18T14:50:02.888Z",
"dateReserved": "2025-11-04T16:05:53.433Z",
"dateUpdated": "2025-12-19T04:55:43.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64467 (GCVE-0-2025-64467)
Vulnerability from cvelistv5 – Published: 2025-12-18 14:40 – Updated: 2025-12-19 04:55
VLAI?
Title
Out-of-Bounds Read in LVResFile::FindRsrcListEntry() in NI LabVIEW
Summary
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:42.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003c/p\u003e"
}
],
"value": "There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:40:18.924Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read in\u00a0LVResFile::FindRsrcListEntry()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64467",
"datePublished": "2025-12-18T14:40:18.924Z",
"dateReserved": "2025-11-04T16:05:53.433Z",
"dateUpdated": "2025-12-19T04:55:42.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64466 (GCVE-0-2025-64466)
Vulnerability from cvelistv5 – Published: 2025-12-18 14:38 – Updated: 2025-12-19 04:55
VLAI?
Title
Out-of-Bounds Read in lvre!ExecPostedProcRecPost() in NI LabVIEW
Summary
There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:41.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003c/p\u003e"
}
],
"value": "There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:38:02.537Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read in\u00a0lvre!ExecPostedProcRecPost()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64466",
"datePublished": "2025-12-18T14:38:02.537Z",
"dateReserved": "2025-11-04T16:05:53.433Z",
"dateUpdated": "2025-12-19T04:55:41.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64465 (GCVE-0-2025-64465)
Vulnerability from cvelistv5 – Published: 2025-12-18 14:35 – Updated: 2025-12-19 04:55
VLAI?
Title
Out-of-Bounds Read in lvre!DataSizeTDR() in NI LabVIEW
Summary
There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64465",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:40.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003c/p\u003e"
}
],
"value": "There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:35:24.931Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read in\u00a0lvre!DataSizeTDR()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64465",
"datePublished": "2025-12-18T14:35:24.931Z",
"dateReserved": "2025-11-04T16:05:53.433Z",
"dateUpdated": "2025-12-19T04:55:40.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64464 (GCVE-0-2025-64464)
Vulnerability from cvelistv5 – Published: 2025-12-18 14:32 – Updated: 2025-12-19 04:55
VLAI?
Title
Out-of-Bounds Read in lvre!VisaWriteFromFile() in NI LabVIEW
Summary
There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:39.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003c/p\u003e"
}
],
"value": "There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:32:44.050Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read in\u00a0lvre!VisaWriteFromFile()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64464",
"datePublished": "2025-12-18T14:32:44.050Z",
"dateReserved": "2025-11-04T16:05:53.432Z",
"dateUpdated": "2025-12-19T04:55:39.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64463 (GCVE-0-2025-64463)
Vulnerability from cvelistv5 – Published: 2025-12-18 14:28 – Updated: 2025-12-19 04:55
VLAI?
Title
Out-of-Bounds Read in LVResource::DetachResource() in NI LabVIEW
Summary
There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:38.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003c/p\u003e"
}
],
"value": "There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:28:21.858Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read in\u00a0LVResource::DetachResource()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64463",
"datePublished": "2025-12-18T14:28:21.858Z",
"dateReserved": "2025-11-04T16:05:53.432Z",
"dateUpdated": "2025-12-19T04:55:38.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64462 (GCVE-0-2025-64462)
Vulnerability from cvelistv5 – Published: 2025-12-18 14:25 – Updated: 2025-12-19 04:55
VLAI?
Title
Out-of-Bounds Read in LVResFile::RGetMemFileHandle() in NI LabVIEW
Summary
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:37.137Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003c/p\u003e"
}
],
"value": "There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:25:21.972Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read in\u00a0LVResFile::RGetMemFileHandle() in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64462",
"datePublished": "2025-12-18T14:25:21.972Z",
"dateReserved": "2025-11-04T16:05:53.432Z",
"dateUpdated": "2025-12-19T04:55:37.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64461 (GCVE-0-2025-64461)
Vulnerability from cvelistv5 – Published: 2025-12-18 14:21 – Updated: 2025-12-19 04:55
VLAI?
Title
Out of Bounds Write in mgocre_SH_25_3!RevBL() in NI LabVIEW
Summary
There is an out of bounds write vulnerability in NI LabVIEW in mgocre_SH_25_3!RevBL() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:35.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an out of bounds write vulnerability in NI LabVIEW in mgocre_SH_25_3!RevBL() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003c/p\u003e"
}
],
"value": "There is an out of bounds write vulnerability in NI LabVIEW in mgocre_SH_25_3!RevBL() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:21:18.638Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out of Bounds Write in\u00a0mgocre_SH_25_3!RevBL()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64461",
"datePublished": "2025-12-18T14:21:18.638Z",
"dateReserved": "2025-11-04T16:05:53.432Z",
"dateUpdated": "2025-12-19T04:55:35.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12097 (GCVE-0-2025-12097)
Vulnerability from cvelistv5 – Published: 2025-12-04 19:07 – Updated: 2025-12-08 20:50
VLAI?
Summary
There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure. Successful exploitation requires an attacker to send a specially crafted request to the NI System Web Server, allowing the attacker to read arbitrary files. This vulnerability existed in the NI System Web Server 2012 and prior versions. It was fixed in 2013.
Severity ?
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T20:50:14.740806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T20:50:23.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "12.*",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "12.*",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure. \u0026nbsp;Successful exploitation requires an attacker to send a specially crafted request to the NI System Web Server, allowing the attacker to read arbitrary files. \u0026nbsp;This vulnerability existed in the NI System Web Server 2012 and prior versions. \u0026nbsp;It was fixed in 2013. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure. \u00a0Successful exploitation requires an attacker to send a specially crafted request to the NI System Web Server, allowing the attacker to read arbitrary files. \u00a0This vulnerability existed in the NI System Web Server 2012 and prior versions. \u00a0It was fixed in 2013."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23- Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T19:07:46.813Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/relative-path-traversal-vulnerability-in-ni-system-web-server.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-12097",
"datePublished": "2025-12-04T19:07:46.813Z",
"dateReserved": "2025-10-22T21:08:54.165Z",
"dateUpdated": "2025-12-08T20:50:23.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64469 (GCVE-0-2025-64469)
Vulnerability from nvd – Published: 2025-12-18 14:53 – Updated: 2025-12-19 04:55
VLAI?
Title
Stack-based Buffer Overflow in LVResource::DetachResource() in NI LabVIEW
Summary
There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-121 - - Stack-based Buffer Overflow
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:44.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-23",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-23 File Content Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 - Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:53:36.881Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack-based Buffer Overflow in\u00a0LVResource::DetachResource()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64469",
"datePublished": "2025-12-18T14:53:36.881Z",
"dateReserved": "2025-11-04T16:05:53.433Z",
"dateUpdated": "2025-12-19T04:55:44.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64468 (GCVE-0-2025-64468)
Vulnerability from nvd – Published: 2025-12-18 14:50 – Updated: 2025-12-19 04:55
VLAI?
Title
Use-after-Free in sentry!sentry_span_set_data() in NI LabVIEW
Summary
There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:43.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions\u003c/p\u003e"
}
],
"value": "There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions"
}
],
"impacts": [
{
"capecId": "CAPEC-23",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-23 File Content Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:50:02.888Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use-after-Free in\u00a0sentry!sentry_span_set_data()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64468",
"datePublished": "2025-12-18T14:50:02.888Z",
"dateReserved": "2025-11-04T16:05:53.433Z",
"dateUpdated": "2025-12-19T04:55:43.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64467 (GCVE-0-2025-64467)
Vulnerability from nvd – Published: 2025-12-18 14:40 – Updated: 2025-12-19 04:55
VLAI?
Title
Out-of-Bounds Read in LVResFile::FindRsrcListEntry() in NI LabVIEW
Summary
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:42.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003c/p\u003e"
}
],
"value": "There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:40:18.924Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read in\u00a0LVResFile::FindRsrcListEntry()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64467",
"datePublished": "2025-12-18T14:40:18.924Z",
"dateReserved": "2025-11-04T16:05:53.433Z",
"dateUpdated": "2025-12-19T04:55:42.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64466 (GCVE-0-2025-64466)
Vulnerability from nvd – Published: 2025-12-18 14:38 – Updated: 2025-12-19 04:55
VLAI?
Title
Out-of-Bounds Read in lvre!ExecPostedProcRecPost() in NI LabVIEW
Summary
There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:41.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003c/p\u003e"
}
],
"value": "There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:38:02.537Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read in\u00a0lvre!ExecPostedProcRecPost()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64466",
"datePublished": "2025-12-18T14:38:02.537Z",
"dateReserved": "2025-11-04T16:05:53.433Z",
"dateUpdated": "2025-12-19T04:55:41.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64465 (GCVE-0-2025-64465)
Vulnerability from nvd – Published: 2025-12-18 14:35 – Updated: 2025-12-19 04:55
VLAI?
Title
Out-of-Bounds Read in lvre!DataSizeTDR() in NI LabVIEW
Summary
There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64465",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:40.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003c/p\u003e"
}
],
"value": "There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:35:24.931Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read in\u00a0lvre!DataSizeTDR()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64465",
"datePublished": "2025-12-18T14:35:24.931Z",
"dateReserved": "2025-11-04T16:05:53.433Z",
"dateUpdated": "2025-12-19T04:55:40.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64464 (GCVE-0-2025-64464)
Vulnerability from nvd – Published: 2025-12-18 14:32 – Updated: 2025-12-19 04:55
VLAI?
Title
Out-of-Bounds Read in lvre!VisaWriteFromFile() in NI LabVIEW
Summary
There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:39.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003c/p\u003e"
}
],
"value": "There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:32:44.050Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read in\u00a0lvre!VisaWriteFromFile()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64464",
"datePublished": "2025-12-18T14:32:44.050Z",
"dateReserved": "2025-11-04T16:05:53.432Z",
"dateUpdated": "2025-12-19T04:55:39.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64463 (GCVE-0-2025-64463)
Vulnerability from nvd – Published: 2025-12-18 14:28 – Updated: 2025-12-19 04:55
VLAI?
Title
Out-of-Bounds Read in LVResource::DetachResource() in NI LabVIEW
Summary
There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:38.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003c/p\u003e"
}
],
"value": "There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:28:21.858Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read in\u00a0LVResource::DetachResource()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64463",
"datePublished": "2025-12-18T14:28:21.858Z",
"dateReserved": "2025-11-04T16:05:53.432Z",
"dateUpdated": "2025-12-19T04:55:38.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64462 (GCVE-0-2025-64462)
Vulnerability from nvd – Published: 2025-12-18 14:25 – Updated: 2025-12-19 04:55
VLAI?
Title
Out-of-Bounds Read in LVResFile::RGetMemFileHandle() in NI LabVIEW
Summary
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:37.137Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003c/p\u003e"
}
],
"value": "There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:25:21.972Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read in\u00a0LVResFile::RGetMemFileHandle() in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64462",
"datePublished": "2025-12-18T14:25:21.972Z",
"dateReserved": "2025-11-04T16:05:53.432Z",
"dateUpdated": "2025-12-19T04:55:37.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64461 (GCVE-0-2025-64461)
Vulnerability from nvd – Published: 2025-12-18 14:21 – Updated: 2025-12-19 04:55
VLAI?
Title
Out of Bounds Write in mgocre_SH_25_3!RevBL() in NI LabVIEW
Summary
There is an out of bounds write vulnerability in NI LabVIEW in mgocre_SH_25_3!RevBL() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
Credits
Michael Heinzl working with CISA
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:35.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "22.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.3.7",
"status": "affected",
"version": "23.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "24.3.4",
"status": "affected",
"version": "24.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "25.3.2",
"status": "affected",
"version": "25.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.3.6",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.3.7",
"versionStartIncluding": "23.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "24.3.4",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "25.3.2",
"versionStartIncluding": "25.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Heinzl working with CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an out of bounds write vulnerability in NI LabVIEW in mgocre_SH_25_3!RevBL() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.\u003c/p\u003e"
}
],
"value": "There is an out of bounds write vulnerability in NI LabVIEW in mgocre_SH_25_3!RevBL() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:21:18.638Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/multiple-memory-corruption-vulnerabilities-in-ni-labview.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out of Bounds Write in\u00a0mgocre_SH_25_3!RevBL()\u00a0in NI LabVIEW",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-64461",
"datePublished": "2025-12-18T14:21:18.638Z",
"dateReserved": "2025-11-04T16:05:53.432Z",
"dateUpdated": "2025-12-19T04:55:35.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12097 (GCVE-0-2025-12097)
Vulnerability from nvd – Published: 2025-12-04 19:07 – Updated: 2025-12-08 20:50
VLAI?
Summary
There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure. Successful exploitation requires an attacker to send a specially crafted request to the NI System Web Server, allowing the attacker to read arbitrary files. This vulnerability existed in the NI System Web Server 2012 and prior versions. It was fixed in 2013.
Severity ?
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T20:50:14.740806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T20:50:23.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LabVIEW",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "12.*",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"versionEndIncluding": "12.*",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure. \u0026nbsp;Successful exploitation requires an attacker to send a specially crafted request to the NI System Web Server, allowing the attacker to read arbitrary files. \u0026nbsp;This vulnerability existed in the NI System Web Server 2012 and prior versions. \u0026nbsp;It was fixed in 2013. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure. \u00a0Successful exploitation requires an attacker to send a specially crafted request to the NI System Web Server, allowing the attacker to read arbitrary files. \u00a0This vulnerability existed in the NI System Web Server 2012 and prior versions. \u00a0It was fixed in 2013."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23- Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T19:07:46.813Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/relative-path-traversal-vulnerability-in-ni-system-web-server.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2025-12097",
"datePublished": "2025-12-04T19:07:46.813Z",
"dateReserved": "2025-10-22T21:08:54.165Z",
"dateUpdated": "2025-12-08T20:50:23.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}