CVE-2025-64468: CWE-416 Use After Free in NI LabVIEW
There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
AI Analysis
Technical Summary
CVE-2025-64468 is a use-after-free vulnerability classified under CWE-416 found in National Instruments (NI) LabVIEW software, specifically in the function sentry!sentry_span_set_data(). This vulnerability arises during the parsing of corrupted or maliciously crafted Virtual Instrument (VI) files. When a user opens such a crafted VI file, the software improperly manages memory, leading to a use-after-free condition. This memory corruption can be exploited by attackers to execute arbitrary code with the privileges of the user running LabVIEW or to disclose sensitive information from memory. The vulnerability affects NI LabVIEW versions 23.1.0, 24.1.0, 25.1.0, and earlier, including the 2025 Q3 release (25.3). The CVSS v3.1 base score of 7.8 reflects a high severity, with attack vector classified as local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Although no public exploits are known at this time, the vulnerability poses a significant risk, especially in environments where LabVIEW is used to develop or run critical industrial control or research applications. The vulnerability's exploitation depends on convincing a user to open a malicious VI file, which could be delivered via phishing, insider threat, or compromised file shares. Given LabVIEW's widespread use in engineering and industrial automation, this vulnerability could be leveraged to disrupt operations or steal intellectual property.
Potential Impact
For European organizations, the impact of CVE-2025-64468 can be substantial, particularly in sectors relying heavily on NI LabVIEW such as manufacturing, automotive, aerospace, and scientific research. Successful exploitation could lead to unauthorized disclosure of sensitive design data or intellectual property, disruption of industrial processes, or full system compromise if arbitrary code execution is achieved. This could result in operational downtime, financial losses, regulatory penalties under GDPR if personal or sensitive data is exposed, and reputational damage. The requirement for user interaction limits mass exploitation but targeted attacks against engineers or researchers are plausible. The high integrity and availability impact means that critical control systems or research experiments could be manipulated or halted, affecting supply chains and innovation pipelines. Additionally, the vulnerability could be leveraged as a foothold for lateral movement within corporate networks, increasing the risk of broader compromise.
Mitigation Recommendations
Immediate mitigation should focus on minimizing the risk of opening malicious VI files. Organizations should implement strict controls on file sharing and email attachments involving VI files, including user training to recognize suspicious files. Employ application whitelisting and sandboxing to restrict LabVIEW’s ability to execute untrusted code. Network segmentation should isolate engineering workstations from general corporate networks to limit lateral movement. Monitor endpoint behavior for unusual activity related to LabVIEW processes. Since no patches are currently available, maintain close communication with NI for updates and apply security patches promptly once released. Conduct regular backups of critical VI files and system configurations to enable recovery. Consider deploying endpoint detection and response (EDR) solutions with heuristics for memory corruption detection. Finally, enforce the principle of least privilege on user accounts running LabVIEW to reduce potential damage from exploitation.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Sweden, Belgium, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: NI
- Date Reserved: 2025-11-04T16:05:53.433Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 694416204eb3efac368e65d1
Added to database: 12/18/2025, 2:56:32 PM
Last enriched: 12/25/2025, 3:15:56 PM
Last updated: 2/6/2026, 11:56:19 AM