CVE-2025-64469 is a stack-based buffer overflow vulnerability classified under CWE-121, found in National Instruments (NI) LabVIEW software. The flaw exists in the LVResFile::FindRsrcListEntry() function, which is responsible for parsing VI (Virtual Instrument) files. When a specially crafted corrupted VI file is opened, the function improperly handles input, leading to a buffer overflow on the stack. This memory corruption can allow an attacker to execute arbitrary code with the privileges of the user running LabVIEW or cause information disclosure by reading sensitive memory contents. The vulnerability affects multiple versions of LabVIEW, including 23.1.0, 24.1.0, 25.1.0, and up to the 2025 Q3 release (25.3). Exploitation requires user interaction—specifically, opening a malicious VI file—without needing prior authentication or elevated privileges. The CVSS v3.1 score is 7.8 (high), reflecting the vulnerability's potential to compromise confidentiality, integrity, and availability. While no public exploits are known yet, the nature of the vulnerability makes it a critical concern for environments where LabVIEW is used to develop or run industrial control systems, automated test equipment, or research instrumentation. The lack of available patches at the time of disclosure necessitates immediate risk management and mitigation strategies.

For European organizations, the impact of CVE-2025-64469 can be significant, especially those in sectors relying heavily on NI LabVIEW for automation, industrial control, scientific research, and engineering. Successful exploitation could lead to arbitrary code execution, allowing attackers to take control of affected systems, potentially disrupting critical operations or stealing sensitive intellectual property. Information disclosure could expose proprietary designs or operational data. The vulnerability's requirement for user interaction means phishing or social engineering could be used to deliver malicious VI files. Disruption or compromise of LabVIEW environments could affect manufacturing lines, research labs, or infrastructure monitoring, leading to financial loss, reputational damage, and regulatory consequences under GDPR if personal or sensitive data is involved. The high CVSS score underscores the urgency for affected organizations to address this vulnerability promptly.

1. Restrict the sources from which VI files can be opened, enforcing strict policies to only allow trusted and verified files. 2. Educate users, especially engineers and researchers, about the risks of opening VI files from untrusted or unknown sources to reduce the likelihood of social engineering exploitation. 3. Implement application whitelisting or sandboxing for LabVIEW to limit the impact of potential code execution. 4. Monitor network and endpoint activity for unusual behavior indicative of exploitation attempts, such as unexpected process launches or memory anomalies. 5. Regularly back up LabVIEW project files and system configurations to enable recovery in case of compromise. 6. Engage with NI for patches or updates as they become available and plan for rapid deployment. 7. Consider network segmentation to isolate LabVIEW environments from critical infrastructure and sensitive data systems. 8. Use endpoint detection and response (EDR) tools to detect exploitation attempts targeting LabVIEW processes.