CVE-2025-7361: CWE-94 Improper Control of Generation of Code ('Code Injection') in NI LabVIEW

Severity: High
Tags: Vulnerability, CVE-2025-7361, cve, cve-2025-7361, cwe-94
Published: Tue Jul 29 2025 (07/29/2025, 21:19:28 UTC)
Source: CVE Database V5
Vendor/Project: NI
Product: LabVIEW

Description

A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1 and prior versions. LabVIEW 64-bit versions do not support CIN nodes and are not affected.

AI-Powered Analysis

Last updated: 07/29/2025, 21:47:44 UTC

Technical Analysis

CVE-2025-7361 is a high-severity code injection vulnerability (CWE-94) found in the 32-bit versions of NI LabVIEW up to and including version 2025 Q1. The vulnerability arises from an improper initialization check related to the use of the CIN node within LabVIEW VI (Virtual Instrument) files. Specifically, if a user opens a specially crafted VI containing a malicious CIN node, an attacker may be able to execute arbitrary code on the victim's system. The vulnerability does not affect 64-bit versions of LabVIEW, as these do not support CIN nodes. Exploitation requires user interaction, namely opening a malicious VI file, but does not require any prior authentication or elevated privileges. The CVSS v3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, low attack complexity, and no privileges required, with user interaction necessary. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability affects multiple versions, including 23.0.0, 24.0.0, and 25.0.0, indicating a broad exposure for users of the 32-bit LabVIEW platform.

Potential Impact

For European organizations, especially those in industrial automation, engineering, research, and manufacturing sectors that rely on NI LabVIEW for system design, testing, and control, this vulnerability poses a significant risk. Successful exploitation could lead to arbitrary code execution, potentially allowing attackers to compromise sensitive intellectual property, disrupt critical control systems, or pivot within internal networks. The high impact on confidentiality, integrity, and availability means that attackers could steal proprietary data, alter system behavior, or cause denial of service. Given that LabVIEW is widely used in sectors such as automotive, aerospace, and energy within Europe, the threat could affect operational technology environments and research institutions. The requirement for user interaction (opening a malicious VI) suggests that targeted spear-phishing or supply chain attacks distributing malicious VI files are plausible attack vectors. Because 64-bit LabVIEW does not support CIN nodes, the scope is limited to 32-bit LabVIEW users, but many legacy systems may still be vulnerable. The absence of known exploits in the wild provides a window for proactive mitigation before active exploitation occurs.

Mitigation Recommendations

European organizations should immediately identify and inventory all 32-bit NI LabVIEW installations, focusing on versions 23.0.0 through 25.0.0. Until an official patch is released, organizations should implement strict controls on the handling and opening of VI files, including disabling or restricting the use of CIN nodes where possible. User training should emphasize caution when opening VI files from untrusted sources. Network segmentation should be enforced to isolate systems running vulnerable LabVIEW versions from critical infrastructure and sensitive data repositories. Application whitelisting and endpoint detection and response (EDR) solutions should be configured to monitor and block suspicious execution patterns related to LabVIEW processes. Additionally, organizations should engage with NI for updates on patches or workarounds and plan for timely deployment once available. Implementing file integrity monitoring on VI files and logging user activities related to LabVIEW can aid in early detection of exploitation attempts. Finally, consider migrating to 64-bit LabVIEW versions where feasible, as these are not affected by this vulnerability.
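
One way to carry out the inventory step above, as an added example that is not from the advisory or from NI: it reads the PE header Machine field of each matching executable to separate 32-bit from 64-bit installs. The executable name `LabVIEW.exe` and the directory to scan are assumptions, the sample files are constructed stubs, and the installed version still has to be compared against the affected versions separately.

```python
import os
import struct
import tempfile

MACHINE = {0x014C: "32-bit", 0x8664: "64-bit"}  # PE/COFF Machine values (x86, x64)

def pe_bitness(path):
    """Return '32-bit', '64-bit', 'other', or None if the file is not a PE image."""
    with open(path, "rb") as f:
        dos = f.read(0x40)
        if len(dos) < 0x40 or dos[:2] != b"MZ":
            return None
        (pe_off,) = struct.unpack_from("<I", dos, 0x3C)  # e_lfanew
        f.seek(pe_off)
        hdr = f.read(6)  # "PE\0\0" signature followed by the 2-byte Machine field
    if len(hdr) < 6 or hdr[:4] != b"PE\0\0":
        return None
    return MACHINE.get(struct.unpack_from("<H", hdr, 4)[0], "other")

def inventory(root, exe_name="LabVIEW.exe"):  # exe_name is an assumption
    """Walk root and return sorted (path, bitness, in_scope) rows for each match."""
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == exe_name.lower():
                path = os.path.join(dirpath, name)
                try:
                    bits = pe_bitness(path)
                except OSError:
                    bits = None  # unreadable file: still reported for follow-up
                rows.append((path, bits, bits == "32-bit"))
    return sorted(rows)

def make_stub(machine):
    """Constructed minimal PE header for the demo (not a real LabVIEW binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine)

def demo():
    """Build a constructed directory tree, inventory it, return relative rows."""
    samples = (("x86", make_stub(0x014C)), ("x64", make_stub(0x8664)), ("bad", b"not a PE"))
    with tempfile.TemporaryDirectory() as root:
        for sub, blob in samples:
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, "LabVIEW.exe"), "wb") as f:
                f.write(blob)
        return [(os.path.relpath(p, root), b, s) for p, b, s in inventory(root)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Rows with `in_scope` set to `True` are 32-bit installs to check against the affected versions; rows with bitness `None` could not be parsed and need manual review.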

Technical Details

Data Version: 5.1
Assigner Short Name: NI
Date Reserved: 2025-07-08T16:56:14.380Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68893dfdad5a09ad00914ece

Added to database: 7/29/2025, 9:32:45 PM

Last enriched: 7/29/2025, 9:47:44 PM

Last updated: 7/31/2025, 12:58:49 AM
