Perceptive Security
SOC/SIEM Consultancy
National Instruments LabView
Published:
18 december 2025 om 12:00:00
Alert date:
18 december 2025 om 18:04:12
Source:
cisa.gov
CISA published an advisory about nine vulnerabilities in National Instruments LabVIEW affecting versions 2021-2025. All vulnerabilities have a CVSS score of 7.8 (HIGH) and allow attackers to execute arbitrary code or disclose information through specially crafted VI files. The vulnerabilities include out-of-bounds write, out-of-bounds read, use-after-free, and stack-based buffer overflow issues. Exploitation requires user interaction to open a corrupted VI file. Patches are available for versions 2022-2025, while version 2021 is no longer supported. The software is used worldwide in critical infrastructure sectors including manufacturing, defense, IT, and transportation systems.
Technical details
Mitigation steps:
Affected products:
National Instruments LabVIEW
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-25-352-03
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-03.json
https://nvd.nist.gov/vuln/detail/CVE-2025-64461
https://nvd.nist.gov/vuln/detail/CVE-2025-64462
https://nvd.nist.gov/vuln/detail/CVE-2025-64463
https://nvd.nist.gov/vuln/detail/CVE-2025-64464
https://nvd.nist.gov/vuln/detail/CVE-2025-64465
https://nvd.nist.gov/vuln/detail/CVE-2025-64466
https://nvd.nist.gov/vuln/detail/CVE-2025-64467
https://nvd.nist.gov/vuln/detail/CVE-2025-64468
https://nvd.nist.gov/vuln/detail/CVE-2025-64469
https://cwe.mitre.org/data/definitions/787.html
https://cwe.mitre.org/data/definitions/125.html
https://cwe.mitre.org/data/definitions/416.html
https://cwe.mitre.org/data/definitions/121.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.