Multiple Memory Corruption Vulnerabilities in NI LabVIEW

Created Dec 11, 2025

Overview

There are nine memory corruption vulnerabilities recently discovered in NI LabVIEW that may result in information disclosure or arbitrary code execution.  Successful exploitation requires an attacker to get a user to open a specially crafted VI.  These vulnerabilities affect NI LabVIEW 2025 Q3 and prior versions.

These vulnerabilities are identified as:

CVE-2025-64461 – Out of Bounds Write in mgocre_SH_25_3!RevBL()
CVE-2025-64462 – Out-of-Bounds Read in LVResFile::RGetMemFileHandle()
CVE-2025-64463 – Out-of-Bounds Read in LVResource::DetachResource()
CVE-2025-64464 – Out-of-Bounds Read in lvre!VisaWriteFromFile()
CVE-2025-64465 – Out-of-Bounds Read in lvre!DataSizeTDR()
CVE-2025-64466 – Out-of-Bounds Read in lvre!ExecPostedProcRecPost()
CVE-2025-64467 – Out-of-Bounds Read in LVResFile::FindRsrcListEntry()
CVE-2025-64468 – Use-after-Free in sentry!sentry_span_set_data()
CVE-2025-64469 – Stack-based Buffer Overflow in LVResource::DetachResource()

Mitigation Guidance
Affected Products
CVSS Score
Further Information
Acknowledgements
Additional Resources

Mitigation Guidance

NI strongly recommends upgrading the affected software to mitigate these vulnerabilities.  Refer to the Affected Products section for information on upgrading these products. 

Affected Products

CVSS Score

CVE-2025-64461 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-64461 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2025-64462 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-64462 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2025-64463 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-64463 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2025-64464 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-64464 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2025-64465 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-64465 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2025-64466 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-64466 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2025-64467 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-64467 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2025-64468 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-64468 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2025-64469 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-64469 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Further Information

At NI, we view the security of our products as an important part of our commitment to our customers. Go to ni.com/security to stay informed and act upon security alerts and issues.

Acknowledgements

NI would like to thank Michael Heinzl working with CISA for reporting this issue and working with us on coordinated disclosure.

Additional Resources

CVE-2025-64461 - National Vulnerability Database
CVE-2025-64462 - National Vulnerability Database
CVE-2025-64463 - National Vulnerability Database
CVE-2025-64464 - National Vulnerability Database
CVE-2025-64465 - National Vulnerability Database
CVE-2025-64466 - National Vulnerability Database
CVE-2025-64467 - National Vulnerability Database
CVE-2025-64468 - National Vulnerability Database
CVE-2025-64469 - National Vulnerability Database
CWE-787 – Out-of-bounds Write
CWE-125 – Out-of-bounds Read
CWE-416 – Use after Free
CWE-121 – Stack-based Buffer Overflow

Product Version	Mitigation
LabVIEW 2025	Upgrade to LabVIEW 2025 Q3 Patch 3 or later from NI Package Manager or Software Downloads
LabVIEW 2024	Upgrade to LabVIEW 2024 Q3 Patch 5 or later from NI Package Manager or Software Downloads
LabVIEW 2023	Upgrade to LabVIEW 2023 Q3 Patch 8 or later from NI Package Manager or Software Downloads
LabVIEW 2022	Upgrade to LabVIEW 2022 Q3 Patch 7 or later from NI Package Manager or Software Downloads
LabVIEW 2021	Not in Mainstream Support

Was this information helpful?

Yes