CVE-2025-64463 is an out-of-bounds read vulnerability classified under CWE-125, found in the LVResource::DetachResource() function of National Instruments (NI) LabVIEW software. The flaw occurs during the parsing of corrupted VI (Virtual Instrument) files, which are proprietary files used by LabVIEW to represent graphical programs. When a specially crafted VI file is opened, the vulnerability triggers an out-of-bounds read, potentially allowing an attacker to access memory beyond the intended buffer. This can lead to information disclosure or, more critically, arbitrary code execution within the context of the user running LabVIEW. The vulnerability affects versions 0, 23.1.0, 24.1.0, and 25.1.0, including the 2025 Q3 release (25.3) and earlier. Exploitation requires user interaction, specifically opening a malicious VI file, and no privileges are required beforehand. The CVSS v3.1 score is 7.8, reflecting high impact due to the potential for confidentiality, integrity, and availability compromise. Although no public exploits are currently known, the nature of the vulnerability and the widespread use of LabVIEW in industrial, engineering, and scientific environments make it a significant threat. The lack of available patches at the time of reporting necessitates immediate mitigation efforts to reduce risk.

The vulnerability poses a serious risk to organizations relying on NI LabVIEW for critical engineering, automation, and testing workflows. Successful exploitation can lead to unauthorized disclosure of sensitive information, including intellectual property embedded in VI files or memory. More severely, arbitrary code execution could allow attackers to execute malicious payloads, potentially leading to system compromise, data corruption, or disruption of industrial processes. Given LabVIEW's use in sectors such as manufacturing, aerospace, automotive, and research institutions, the impact could extend to operational downtime, loss of proprietary data, and safety hazards if control systems are affected. The requirement for user interaction limits remote exploitation but does not eliminate risk, especially in environments where VI files are shared or downloaded from external sources. The absence of known exploits currently provides a window for proactive defense, but the high CVSS score underscores the urgency of addressing this vulnerability.

Organizations should implement strict controls on the handling and opening of VI files, especially those received from untrusted or external sources. Employ application whitelisting and sandboxing techniques to isolate LabVIEW processes and limit the impact of potential exploitation. Network segmentation can reduce exposure of critical systems running LabVIEW. Until official patches are released, consider disabling or restricting the use of LabVIEW on endpoints that are exposed to untrusted file sources. Educate users about the risks of opening unsolicited VI files and enforce policies for verifying file integrity and provenance. Monitor systems for unusual behavior indicative of exploitation attempts, such as unexpected memory access patterns or process anomalies. Engage with NI support channels to obtain updates on patch availability and apply them promptly once released. Additionally, maintain up-to-date backups of critical VI files and system configurations to enable recovery in case of compromise.