CVE-2025-64461 is an out-of-bounds write vulnerability classified under CWE-787 found in National Instruments (NI) LabVIEW software, specifically within the mgocre_SH_25_3!RevBL() function responsible for parsing VI (Virtual Instrument) files. The vulnerability arises when LabVIEW processes a corrupted or specially crafted VI file, causing memory corruption due to writing outside the intended buffer boundaries. This can lead to severe consequences including arbitrary code execution and information disclosure. The attack vector requires an attacker to trick a user into opening a malicious VI file, making user interaction necessary. The vulnerability affects NI LabVIEW versions 25.3 (2025 Q3) and all prior versions, including 23.1.0, 24.1.0, and 25.1.0. The CVSS v3.1 base score is 7.8, reflecting high severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). There are no known public exploits in the wild yet, and no patches have been linked at the time of reporting. LabVIEW is widely used in engineering, industrial automation, and scientific research environments, making this vulnerability particularly critical for organizations relying on it for critical operations. Exploitation could allow attackers to execute arbitrary code with the privileges of the user running LabVIEW, potentially leading to system compromise or data leakage.

For European organizations, the impact of CVE-2025-64461 can be significant, especially those in sectors heavily reliant on NI LabVIEW such as manufacturing, industrial automation, automotive, aerospace, and research institutions. Successful exploitation could lead to unauthorized disclosure of sensitive intellectual property, manipulation or sabotage of industrial control processes, and disruption of critical engineering workflows. This could result in financial losses, reputational damage, and safety risks. Given the high integrity and availability impact, attackers could alter or disable critical systems controlled or monitored via LabVIEW, potentially causing operational downtime. The requirement for user interaction limits mass exploitation but targeted spear-phishing or insider threat scenarios remain plausible. The lack of available patches at the time increases the window of exposure. Organizations with complex supply chains and collaborative engineering projects may also face risks from malicious VI files introduced via third parties.

1. Restrict the opening of VI files to trusted sources only; implement strict file validation and scanning policies. 2. Educate users about the risks of opening VI files from untrusted or unknown origins to reduce the likelihood of social engineering exploitation. 3. Employ application whitelisting and sandboxing techniques to limit the execution context of LabVIEW and contain potential exploits. 4. Monitor LabVIEW usage and file access logs for unusual activity indicative of exploitation attempts. 5. Coordinate with NI for timely patch deployment once updates become available; prioritize patching in environments with high exposure. 6. Consider network segmentation to isolate systems running LabVIEW from broader enterprise networks to limit lateral movement. 7. Implement endpoint detection and response (EDR) solutions capable of detecting anomalous behaviors related to memory corruption or code execution. 8. Review and harden user privileges to minimize the impact of a successful exploit, ensuring LabVIEW runs with least privilege necessary.