CVE-2025-64465: CWE-125 Out-of-bounds Read in NI LabVIEW
There is an out-of-bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
AI Analysis
Technical Summary
CVE-2025-64465 is an out-of-bounds read vulnerability classified under CWE-125 found in National Instruments (NI) LabVIEW software, specifically within the lvre!DataSizeTDR() function responsible for parsing VI (Virtual Instrument) files. The vulnerability arises when LabVIEW processes a corrupted or specially crafted VI file, leading to an out-of-bounds memory read. This can result in the disclosure of sensitive information or, more critically, enable arbitrary code execution due to memory corruption. The flaw affects NI LabVIEW versions up to and including 2025 Q3 (25.3) and prior releases such as 23.1.0, 24.1.0, and 25.1.0. Exploitation requires an attacker to convince a user to open a malicious VI file, implying user interaction is necessary but no prior authentication or elevated privileges are required. The CVSS v3.1 base score of 7.8 reflects high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no known exploits have been reported in the wild, the vulnerability's nature makes it a significant risk, especially in environments where LabVIEW is used for critical engineering, automation, or research tasks. The lack of an official patch at the time of disclosure necessitates immediate risk mitigation strategies.
Potential Impact
For European organizations, the impact of CVE-2025-64465 can be substantial, particularly in sectors relying heavily on NI LabVIEW for industrial automation, manufacturing process control, research and development, and embedded system design. Successful exploitation could lead to unauthorized disclosure of sensitive design data or intellectual property, undermining confidentiality. Arbitrary code execution could allow attackers to manipulate or disrupt critical operational technology systems, threatening integrity and availability. This could result in production downtime, safety hazards, or compromised product quality. Given the widespread use of LabVIEW in European engineering firms, automotive manufacturers, and research institutions, the vulnerability could facilitate targeted attacks by threat actors seeking industrial espionage or sabotage. The requirement for user interaction limits mass exploitation but does not eliminate risk, especially in environments with lax security awareness or insufficient file validation controls.
Mitigation Recommendations
1. Implement strict policies to restrict opening VI files from untrusted or unknown sources, including email attachments and external downloads.
2. Educate users on the risks of opening unsolicited or suspicious VI files and promote awareness of this specific vulnerability.
3. Employ network segmentation to isolate systems running LabVIEW from general user networks, reducing the attack surface.
4. Use endpoint protection solutions capable of detecting anomalous behaviors associated with memory corruption or exploitation attempts.
5. Monitor for unusual LabVIEW process activity or crashes that could indicate exploitation attempts.
6. Coordinate with NI for timely updates and apply patches as soon as they become available.
7. Consider implementing file integrity monitoring on VI files to detect unauthorized modifications.
8. Where possible, sandbox LabVIEW environments or use virtual machines to contain potential exploitation impacts.
9. Review and harden LabVIEW configuration settings to minimize exposure to malformed files.
10. Maintain an incident response plan tailored to industrial control system compromises involving LabVIEW.
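One way to act on recommendation 5, shown as an added example that is not code from NI or from this page: triage Windows "Application Error" (Event ID 1000) message text for LabVIEW crashes and separate access violations in the `lvre` module from other LabVIEW faults. The host names, the `lvre.dll` file name (inferred from the `lvre!` symbol above), the `LabVIEW.exe` process name and all sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter

ACCESS_VIOLATION = 0xC0000005  # Windows STATUS_ACCESS_VIOLATION
FIELD_RE = re.compile(
    r"(Faulting application name|Faulting module name|Exception code):\s*([^,\r\n]+)")

def sample(app, module, code):
    """Build constructed Event ID 1000 message text (not real log data)."""
    return (f"Faulting application name: {app}, version: 0.0.0.0\n"
            f"Faulting module name: {module}, version: 0.0.0.0\n"
            f"Exception code: {code}")

# Constructed events: (host, message). Host names and the lvre.dll file name
# are assumptions; the page only gives the debugger symbol lvre!DataSizeTDR().
SAMPLE_EVENTS = [
    ("eng-ws-01", sample("LabVIEW.exe", "lvre.dll", "0xc0000005")),
    ("eng-ws-01", sample("LabVIEW.exe", "LVRE.DLL", "0xC0000005")),
    ("lab-pc-07", sample("LabVIEW.exe", "ntdll.dll", "0xc0000374")),
    ("hr-pc-02", sample("winword.exe", "ntdll.dll", "0xc0000005")),
    ("lab-pc-09", "Faulting application name: LabVIEW.exe"),  # truncated
]

def parse_crash(message):
    """Extract application, module stem and exception code; None if incomplete."""
    fields = {k: v.strip() for k, v in FIELD_RE.findall(message)}
    try:
        return {
            "app": fields["Faulting application name"].lower(),
            "module": fields["Faulting module name"].lower().rsplit(".", 1)[0],
            "code": int(fields["Exception code"], 16),
        }
    except (KeyError, ValueError):
        return None  # truncated or malformed record

def triage(events):
    """Return {host: Counter(label)} covering LabVIEW crashes only."""
    findings = {}
    for host, message in events:
        crash = parse_crash(message)
        if crash is None or crash["app"] != "labview.exe":
            continue
        in_parser = crash["module"] == "lvre" and crash["code"] == ACCESS_VIOLATION
        label = "lvre-access-violation" if in_parser else "other-labview-crash"
        findings.setdefault(host, Counter())[label] += 1
    return findings

if __name__ == "__main__":
    for host, counts in triage(SAMPLE_EVENTS).items():
        print(host, dict(counts))
```

Repeated `lvre-access-violation` hits on one host are a cue to collect the VI file that was being opened and check where it came from.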
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Sweden, Finland, Belgium, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: NI
- Date Reserved: 2025-11-04T16:05:53.433Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 694412994eb3efac368d95e2
Added to database: 12/18/2025, 2:41:29 PM
Last enriched: 12/18/2025, 2:56:22 PM
Last updated: 12/19/2025, 12:59:21 AM
Related Threats
CVE-2025-14908: Improper Authentication in JeecgBoot (Medium)
CVE-2025-14900: SQL Injection in CodeAstro Real Estate Management System (Medium)
CVE-2025-14899: SQL Injection in CodeAstro Real Estate Management System (Medium)
CVE-2025-14733: CWE-787 Out-of-bounds Write in WatchGuard Fireware OS (Critical)
CVE-2025-11774: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Mitsubishi Electric Corporation GENESIS64 (High)