CVE-2025-7361 is a code injection vulnerability classified under CWE-94, affecting 32-bit versions of NI LabVIEW up to 2025 Q1. The root cause is an improper initialization check related to the CIN node, a component used within LabVIEW VI files to interface with C code. When a user opens a maliciously crafted VI containing a specially designed CIN node, the vulnerability allows arbitrary code execution within the context of the user. This can lead to full compromise of the affected system, including unauthorized disclosure, modification, or destruction of data, and disruption of system availability. The vulnerability requires user interaction—specifically, opening the crafted VI file—and does not require prior authentication or elevated privileges. The 64-bit LabVIEW versions are not affected as they do not support CIN nodes, limiting the scope to 32-bit installations. The CVSS 3.1 score of 7.8 reflects the vulnerability's high impact and relatively low attack complexity, given the need for user interaction but no privileges. No public exploits or patches are currently available, increasing the urgency for organizations to implement mitigations and monitor for updates from NI.

The impact of CVE-2025-7361 is significant for organizations relying on 32-bit NI LabVIEW in their operational, engineering, or scientific workflows. Successful exploitation can lead to arbitrary code execution, enabling attackers to gain control over affected systems. This can result in data theft, manipulation of critical engineering processes, disruption of industrial control systems, and potential safety hazards. The confidentiality, integrity, and availability of systems and data are all at high risk. Given LabVIEW's widespread use in industries such as manufacturing, aerospace, automotive, and research, the vulnerability could have cascading effects on production lines, research data integrity, and operational continuity. The requirement for user interaction limits remote exploitation but does not eliminate risk, especially in environments where users may open untrusted VI files. The absence of patches increases exposure until NI releases a fix.

Organizations should immediately audit their use of NI LabVIEW to identify 32-bit installations and restrict usage to trusted VI files only. Implement strict access controls and user training to prevent opening unverified or unsolicited VI files, especially those containing CIN nodes. Employ application whitelisting to block execution of unauthorized VI files. Network segmentation can limit the spread of compromise if exploitation occurs. Monitor systems for unusual behavior indicative of code injection or unauthorized execution. Coordinate with NI for timely patch deployment once available. Consider migrating to 64-bit LabVIEW versions where feasible, as they are not affected by this vulnerability. Additionally, use endpoint detection and response (EDR) tools to detect exploitation attempts and maintain regular backups to enable recovery from potential attacks.