CVE-2025-64469 is a stack-based buffer overflow vulnerability identified in the LVResFile::FindRsrcListEntry() function of National Instruments' LabVIEW software. This vulnerability arises during the parsing of corrupted VI (Virtual Instrument) files, which are proprietary project files used within LabVIEW. The flaw allows an attacker to craft a malicious VI file that, when opened by a user, triggers a buffer overflow on the stack. This overflow can overwrite critical control data, enabling the attacker to execute arbitrary code with the privileges of the user running LabVIEW or to disclose sensitive information from memory. The vulnerability affects LabVIEW versions up to and including 25.3 (2025 Q3) and prior releases such as 23.1.0, 24.1.0, and 25.1.0. Exploitation requires user interaction—specifically, opening a malicious VI file—without the need for prior authentication. The CVSS v3.1 base score of 7.8 reflects high severity due to the potential for complete compromise of confidentiality, integrity, and availability. Although no public exploits are currently known, the nature of the vulnerability and the widespread use of LabVIEW in industrial and research environments make it a significant risk. The vulnerability is classified under CWE-121, indicating a classic stack-based buffer overflow issue. No official patches were listed at the time of publication, emphasizing the need for cautious handling of VI files and monitoring for vendor updates.

For European organizations, especially those involved in industrial automation, research, and engineering sectors where NI LabVIEW is commonly used, this vulnerability poses a substantial risk. Successful exploitation could lead to arbitrary code execution, allowing attackers to take control of affected systems, potentially disrupting critical infrastructure or intellectual property workflows. Information disclosure could expose sensitive project data or proprietary algorithms. Given LabVIEW's integration in control systems and test environments, exploitation could also impact operational technology (OT) environments, leading to safety risks or production downtime. The requirement for user interaction limits remote exploitation but does not eliminate risk, as social engineering or supply chain attacks could deliver malicious VI files. The absence of known exploits currently reduces immediate threat but does not preclude future attacks. European organizations with extensive LabVIEW deployments must consider the potential for targeted attacks, especially in countries with advanced manufacturing and research industries.

1. Restrict the sources of VI files to trusted and verified origins, implementing strict file transfer policies and scanning incoming files for anomalies. 2. Educate users on the risks of opening VI files from untrusted or unknown sources, emphasizing social engineering awareness. 3. Monitor National Instruments' official channels for patches or updates addressing this vulnerability and apply them promptly once available. 4. Employ application whitelisting and sandboxing techniques to limit the execution environment of LabVIEW, reducing the impact of potential exploitation. 5. Implement network segmentation to isolate systems running LabVIEW from broader enterprise networks, minimizing lateral movement opportunities. 6. Use endpoint detection and response (EDR) solutions to detect anomalous behaviors indicative of exploitation attempts. 7. Regularly audit and update LabVIEW installations to the latest supported versions, ensuring known vulnerabilities are addressed. 8. Consider disabling or restricting the ability to open VI files if not essential for certain user groups or systems.