CVE-2025-64464 is an out-of-bounds read vulnerability classified under CWE-125 found in the National Instruments (NI) LabVIEW software, specifically in the lvre!VisaWriteFromFile() function. This function is responsible for parsing VI (Virtual Instrument) files, which are core components in LabVIEW for graphical programming. The vulnerability arises when the function processes a corrupted VI file crafted maliciously to trigger an out-of-bounds read, potentially exposing sensitive memory contents or enabling arbitrary code execution. The attack vector requires an attacker to convince a user to open a specially crafted VI file, making user interaction necessary. The vulnerability affects NI LabVIEW versions up to 25.3 (2025 Q3), including earlier versions 23.1.0, 24.1.0, and 25.1.0. The CVSS v3.1 score of 7.8 reflects a high severity, with an attack vector of local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:R). The impact scope is unchanged (S:U), with high confidentiality, integrity, and availability impacts (C:H/I:H/A:H). Although no public exploits are known at this time, the vulnerability's nature and impact make it a significant threat, especially in environments where LabVIEW is used for critical industrial control, automation, or research applications. The lack of available patches at the time of publication necessitates immediate risk mitigation strategies.

The vulnerability poses a substantial risk to European organizations using NI LabVIEW, particularly in sectors such as industrial automation, manufacturing, research laboratories, and engineering firms. Successful exploitation can lead to unauthorized disclosure of sensitive information, including intellectual property embedded in VI files or memory, and potentially allow attackers to execute arbitrary code, leading to system compromise. This could disrupt critical operations, cause data breaches, or enable further lateral movement within networks. Given LabVIEW's widespread use in European industrial and research sectors, the impact could extend to operational downtime, financial losses, and reputational damage. The requirement for user interaction limits remote exploitation but does not eliminate risk, especially in environments where users frequently exchange VI files. The absence of known exploits in the wild currently reduces immediate threat levels but vigilance is necessary as exploit development could follow disclosure.

1. Monitor NI's official channels for patches addressing CVE-2025-64464 and apply them promptly once available. 2. Implement strict controls on the sources of VI files, restricting users from opening files from untrusted or unknown origins. 3. Employ sandboxing or isolated environments for opening VI files, minimizing potential damage from exploitation. 4. Educate users about the risks of opening unsolicited or suspicious VI files, emphasizing cautious handling of file attachments and downloads. 5. Use endpoint detection and response (EDR) solutions to monitor for anomalous behaviors indicative of exploitation attempts. 6. Conduct regular security audits of systems running LabVIEW to identify unauthorized changes or suspicious activities. 7. Where feasible, limit LabVIEW usage to trusted networks and segregate critical systems to reduce attack surface. 8. Implement application whitelisting to prevent execution of unauthorized code that could result from exploitation.