CVE-2025-64462 is an out-of-bounds read vulnerability classified under CWE-125 found in the NI LabVIEW software, specifically within the LVResFile::RGetMemFileHandle() function. This vulnerability occurs when LabVIEW parses a corrupted VI (Virtual Instrument) file, leading to an out-of-bounds memory read. Such memory access errors can cause the application to disclose sensitive information or allow an attacker to execute arbitrary code. The attack vector requires an attacker to convince a user to open a maliciously crafted VI file, which triggers the vulnerability. The affected versions include NI LabVIEW 25.3 (2025 Q3) and all prior versions, including 23.1.0, 24.1.0, and 25.1.0. The vulnerability has a CVSS v3.1 base score of 7.8, reflecting high severity, with the vector indicating local attack complexity, no privileges required, but user interaction is necessary. The scope is unchanged, but the impact on confidentiality, integrity, and availability is high. No patches or exploits are currently publicly available, but the risk remains significant due to the potential for arbitrary code execution. LabVIEW is widely used in engineering, automation, and scientific research environments, making this vulnerability particularly critical in those contexts.

For European organizations, the impact of CVE-2025-64462 can be substantial, especially in sectors relying heavily on NI LabVIEW for automation, industrial control, and research applications. Successful exploitation could lead to unauthorized disclosure of sensitive project data, intellectual property theft, or disruption of critical engineering processes through arbitrary code execution. This could affect operational continuity, lead to financial losses, and damage reputations. Given the integration of LabVIEW in manufacturing and research institutions, exploitation could also indirectly impact safety-critical systems. The requirement for user interaction (opening a malicious VI file) means social engineering or phishing campaigns could be leveraged by attackers. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate it, as attackers may develop exploits rapidly once the vulnerability is public. Organizations with collaborative environments where VI files are shared are at increased risk.

1. Restrict the sources from which VI files can be received and opened, implementing strict file transfer policies and scanning all incoming VI files with updated antivirus and sandboxing tools. 2. Educate users on the risks of opening VI files from untrusted or unknown sources, emphasizing cautious handling of email attachments and downloads. 3. Implement application whitelisting and sandboxing for LabVIEW to limit the impact of potential exploitation. 4. Monitor system and network activity for unusual behavior indicative of exploitation attempts, such as unexpected process launches or memory access anomalies. 5. Maintain an inventory of all LabVIEW installations and versions in use, prioritizing upgrades to versions beyond 25.3 once patches become available. 6. Engage with NI support channels to obtain patches or workarounds as soon as they are released. 7. Consider network segmentation to isolate systems running LabVIEW from general user environments to reduce exposure. 8. Employ endpoint detection and response (EDR) solutions capable of detecting exploitation behaviors related to memory corruption vulnerabilities.