CVE-2025-64469 is a stack-based buffer overflow vulnerability identified in the LVResFile::FindRsrcListEntry() function of NI LabVIEW, a widely used system-design platform and development environment for visual programming. The flaw occurs when LabVIEW parses a corrupted VI (Virtual Instrument) file, specifically within the resource list entry lookup process. This improper handling of malformed input leads to a buffer overflow on the stack, which can corrupt memory and enable an attacker to execute arbitrary code or cause information disclosure. The vulnerability affects all versions up to and including NI LabVIEW 2025 Q3 (version 25.3). Exploitation requires an attacker to trick a user into opening a specially crafted VI file, making user interaction necessary but no prior privileges required. The CVSS v3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges needed. Although no public exploits have been reported yet, the nature of the vulnerability makes it a critical concern for environments where LabVIEW is used to develop or run industrial control systems, test automation, or embedded systems. The vulnerability is categorized under CWE-121 (Stack-based Buffer Overflow), a common and dangerous class of memory corruption bugs.

The potential impact of CVE-2025-64469 is significant for organizations relying on NI LabVIEW for critical engineering, industrial automation, or research applications. Successful exploitation can lead to arbitrary code execution, allowing attackers to take full control of the affected system, potentially leading to data theft, system manipulation, or disruption of operations. Information disclosure could expose sensitive intellectual property or operational data. Since LabVIEW is often used in environments controlling physical processes, exploitation could have safety implications or cause operational downtime. The requirement for user interaction limits remote exploitation but does not eliminate risk, especially in environments where users frequently exchange VI files. The vulnerability could be leveraged in targeted attacks against organizations in manufacturing, aerospace, automotive, and critical infrastructure sectors that use LabVIEW extensively.

To mitigate CVE-2025-64469, organizations should immediately apply any patches or updates released by NI once available. In the absence of patches, implement strict controls on the handling and opening of VI files, including restricting file sources to trusted origins and scanning files for anomalies before opening. Employ application whitelisting to limit execution of unauthorized or unexpected VI files. Educate users about the risks of opening VI files from untrusted sources and enforce policies to minimize such behavior. Use sandboxing or isolated environments for opening untrusted VI files to contain potential exploitation. Monitor systems running LabVIEW for unusual behavior or crashes that could indicate exploitation attempts. Additionally, consider network segmentation to limit the impact of a compromised system within the broader network.