CVE-2025-64468 is a use-after-free vulnerability classified under CWE-416 found in NI LabVIEW, a widely used system-design platform and development environment for visual programming. The vulnerability resides in the function sentry!sentry_span_set_data(), which is involved in parsing VI (Virtual Instrument) files. When a corrupted VI file is processed, the function improperly handles memory, leading to a use-after-free condition. This memory corruption can be exploited by an attacker who convinces a user to open a specially crafted VI file, triggering the vulnerability. The consequences of exploitation include potential arbitrary code execution, allowing an attacker to run malicious code with the privileges of the user opening the file, or information disclosure, leaking sensitive data from memory. The vulnerability affects NI LabVIEW versions 0, 23.1.0, 24.1.0, and 25.1.0, including the 2025 Q3 release (25.3) and prior versions. The CVSS v3.1 base score is 7.8, indicating high severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). No public exploits have been reported yet, but the vulnerability's nature and impact warrant urgent attention. The vulnerability is particularly concerning for environments where LabVIEW is used to develop or operate critical industrial control systems, scientific instrumentation, or engineering applications, as successful exploitation could lead to operational disruption or data compromise.

The impact of CVE-2025-64468 is significant for organizations relying on NI LabVIEW for critical operations. Successful exploitation can lead to arbitrary code execution, enabling attackers to execute malicious payloads, potentially leading to full system compromise under the user context. This can result in unauthorized access to sensitive data, disruption of engineering or industrial processes, and potential sabotage of critical infrastructure. Information disclosure may expose intellectual property or sensitive operational data. Since LabVIEW is often used in industrial automation, manufacturing, and research institutions, the vulnerability could have cascading effects on operational technology environments. The requirement for user interaction (opening a malicious VI file) limits mass exploitation but does not eliminate targeted attacks, especially spear-phishing or insider threat scenarios. The lack of known public exploits currently reduces immediate risk but also means organizations must proactively patch and implement mitigations before exploitation becomes widespread.

1. Apply patches or updates from NI as soon as they become available to address CVE-2025-64468. 2. Until patches are released, implement strict controls on the sources of VI files, including disabling or restricting the opening of VI files from untrusted or unknown origins. 3. Employ application whitelisting and endpoint protection solutions to detect and block suspicious behaviors related to LabVIEW processes. 4. Educate users about the risks of opening unsolicited or unexpected VI files, emphasizing caution with email attachments or downloads. 5. Use network segmentation to isolate systems running LabVIEW, limiting exposure to potentially malicious files. 6. Monitor logs and system behavior for anomalies indicative of exploitation attempts, such as unexpected process executions or memory errors. 7. Consider sandboxing or running LabVIEW in controlled environments when handling untrusted VI files. 8. Review and enforce least privilege principles for user accounts running LabVIEW to minimize the impact of potential exploitation.