Code Injection Vulnerability in NI LabVIEW using CIN Nodes

NI strongly recommends upgrading the affected software to mitigate these vulnerabilities.  Refer to the Affected Products section for information on upgrading these products. 

Code Interface Nodes (CIN) are no longer supported in LabVIEW following the upgrade to LabVIEW 2025 Q3, or after the installation of the patch for versions listed below.  Users should use other methods, for example a Call Library Function Nodes (CLFN), for interfacing with external code.

For backwards compatibility in existing applications, users can re-enable CIN nodes by setting EnableCodeInterfaceNodes=True in the configuration file. This should only be done if users understand the risk to their application(s).  

CVE-2025-7361 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-7361 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

At NI, we view the security of our products as an important part of our commitment to our customers.  Go to ni.com/security to stay informed and act upon security alerts and issues.

• CVE-2025-7361 - National Vulnerability Database
• CWE-94 – ‘Code Injection’