CVE-2025-64464 is an out-of-bounds read vulnerability classified under CWE-125 found in the National Instruments (NI) LabVIEW software, specifically within the lvre!VisaWriteFromFile() function. This function is responsible for handling VI (Virtual Instrument) files, which are core components in LabVIEW projects. The vulnerability arises when the function parses a corrupted or maliciously crafted VI file, leading to an out-of-bounds read condition. This memory safety flaw can cause the application to read memory beyond the intended buffer boundaries, potentially exposing sensitive information or enabling an attacker to execute arbitrary code. Successful exploitation requires an attacker to convince a user to open a specially crafted VI file, implying user interaction is necessary. The vulnerability affects multiple versions of LabVIEW, including 23.1.0, 24.1.0, 25.1.0, and earlier versions up to 25.3 (2025 Q3). The CVSS v3.1 score of 7.8 reflects a high severity, with an attack vector classified as local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:R). The impact scope is unchanged (S:U), with high confidentiality, integrity, and availability impacts (C:H/I:H/A:H). As of the published date, no known exploits have been reported in the wild, but the potential for serious damage exists due to the ability to execute arbitrary code. This vulnerability poses a significant risk to environments relying on LabVIEW for automation, testing, and control systems, especially where untrusted VI files might be introduced.

The vulnerability can lead to severe consequences including unauthorized disclosure of sensitive information, corruption or manipulation of data, and full system compromise through arbitrary code execution. Organizations using NI LabVIEW in critical infrastructure, manufacturing, or research environments could face operational disruptions, intellectual property theft, or safety risks if exploited. Since exploitation requires user interaction by opening a malicious VI file, social engineering or phishing could be used to deliver the payload. The broad impact on confidentiality, integrity, and availability means that affected systems could be used as footholds for further network intrusion or sabotage. The lack of required privileges lowers the barrier for attackers, increasing the threat to end users and organizations. Given LabVIEW's widespread use in engineering and industrial sectors, the vulnerability could affect a wide range of organizations globally, potentially impacting production lines, testing facilities, and automated control systems.

Organizations should immediately review their use of NI LabVIEW and restrict the opening of VI files from untrusted or unknown sources. Implement strict access controls and user training to reduce the risk of social engineering attacks that could lead to exploitation. Employ application whitelisting and sandboxing techniques to limit the execution context of LabVIEW and isolate it from critical systems. Monitor for unusual activity related to LabVIEW processes and file access patterns. Since no official patches are listed yet, coordinate with NI for timely updates or security advisories. Consider deploying endpoint detection and response (EDR) solutions capable of detecting anomalous memory access or code execution behaviors. Regularly back up critical LabVIEW projects and system configurations to enable recovery in case of compromise. Finally, implement network segmentation to limit the spread of any potential compromise originating from affected LabVIEW hosts.