CVE-2025-64468: CWE-416 Use After Free in NI LabVIEW
There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions.
AI Analysis
Technical Summary
CVE-2025-64468 is a use-after-free vulnerability classified under CWE-416, found in the National Instruments (NI) LabVIEW software, specifically in the function sentry!sentry_span_set_data(). This vulnerability arises when LabVIEW parses a corrupted VI (Virtual Instrument) file, leading to the use of memory after it has been freed. Such a condition can cause unpredictable behavior, including memory corruption, which attackers can leverage to execute arbitrary code or disclose sensitive information. The vulnerability affects NI LabVIEW versions 0, 23.1.0, 24.1.0, and 25.1.0, including the 2025 Q3 release (25.3) and prior versions. Exploitation requires an attacker to convince a user to open a specially crafted VI file, making user interaction necessary. The CVSS v3.1 score is 7.8 (high severity) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability. No patches or known exploits are currently reported, but the vulnerability poses a significant risk given LabVIEW’s use in critical engineering and industrial environments. The flaw could be exploited to compromise systems running LabVIEW, potentially disrupting industrial processes or leaking proprietary data.
Potential Impact
For European organizations, the impact of CVE-2025-64468 could be substantial, especially in sectors relying heavily on NI LabVIEW for automation, control systems, and research such as manufacturing, automotive, aerospace, and academia. Successful exploitation could lead to arbitrary code execution, allowing attackers to gain control over affected systems, disrupt operations, or exfiltrate sensitive intellectual property. Information disclosure could expose proprietary designs or operational data, undermining competitive advantage and compliance with data protection regulations like GDPR. The requirement for user interaction (opening a malicious VI file) means phishing or social engineering could be vectors for attack. Given LabVIEW’s integration in industrial control and test environments, exploitation could also impact availability, causing downtime or safety risks. The high confidentiality, integrity, and availability impact underscores the criticality of addressing this vulnerability promptly in European industrial and research institutions.
Mitigation Recommendations
Organizations should implement the following specific mitigations:
1) Immediately restrict the opening of VI files from untrusted or unknown sources; enforce strict file validation and scanning policies.
2) Educate users about the risks of opening unsolicited or suspicious VI files, emphasizing social engineering awareness.
3) Employ application whitelisting to limit execution of unauthorized LabVIEW projects or files.
4) Monitor LabVIEW environments for unusual behavior or crashes that could indicate exploitation attempts.
5) Once NI releases official patches or updates, prioritize their deployment across all affected LabVIEW installations.
6) Use network segmentation to isolate critical LabVIEW systems from general user environments to reduce attack surface.
7) Maintain up-to-date backups of critical LabVIEW projects and configurations to enable rapid recovery.
8) Coordinate with NI support channels for any interim mitigations or advisories.
These steps go beyond generic advice by focusing on controlling file sources, user behavior, and environment segmentation tailored to LabVIEW’s operational context.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Sweden, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: NI
- Date Reserved: 2025-11-04T16:05:53.433Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 694416204eb3efac368e65d1
Added to database: 12/18/2025, 2:56:32 PM
Last enriched: 12/18/2025, 3:12:30 PM
Last updated: 12/19/2025, 10:46:10 AM