CVE-2025-7361 is a high-severity code injection vulnerability classified under CWE-94 (Improper Control of Generation of Code) affecting National Instruments (NI) LabVIEW 32-bit versions up to 2025 Q1. The vulnerability arises from an improper initialization check within the handling of the CIN (Code Interface Node) in LabVIEW. CIN nodes allow LabVIEW to interface with external code, typically written in C or C++, embedded within a VI (Virtual Instrument) file. An attacker can exploit this vulnerability by crafting a malicious VI containing a specially crafted CIN node and convincing a user to open it in a vulnerable 32-bit LabVIEW environment. Successful exploitation results in arbitrary code execution with the privileges of the user running LabVIEW. Notably, 64-bit versions of LabVIEW are not affected as they do not support CIN nodes. The CVSS v3.1 score is 7.8 (high), reflecting the vulnerability's potential to compromise confidentiality, integrity, and availability. Exploitation requires local access or limited access (local vector), low attack complexity, no privileges, but user interaction (opening a malicious VI) is required. There are no known exploits in the wild as of the publication date, and no patches have been linked yet. This vulnerability poses a significant risk to environments where 32-bit LabVIEW is used, especially in industrial, research, or engineering contexts where LabVIEW is prevalent for automation and instrumentation control.

For European organizations, the impact of CVE-2025-7361 can be substantial, particularly in sectors relying on NI LabVIEW for critical industrial automation, manufacturing process control, scientific research, and engineering development. Successful exploitation could lead to arbitrary code execution, allowing attackers to execute malicious payloads, potentially leading to data theft, sabotage of industrial processes, or disruption of research activities. The compromise of LabVIEW environments could also serve as a pivot point for deeper network infiltration, threatening broader organizational IT and OT infrastructure. Confidentiality could be breached by exfiltrating sensitive design or process data, integrity compromised by altering control logic or measurement data, and availability affected by causing system crashes or denial of service. Given that exploitation requires user interaction, social engineering or phishing campaigns targeting LabVIEW users could be leveraged. The lack of patches at the time of disclosure increases the risk window for affected organizations.

1. Immediate mitigation should include restricting the use of 32-bit LabVIEW versions and encouraging migration to 64-bit versions that do not support CIN nodes, thereby eliminating the attack vector. 2. Implement strict user training and awareness programs to prevent opening untrusted or unsolicited VI files, emphasizing the risks of malicious CIN nodes. 3. Employ application whitelisting and endpoint protection solutions capable of detecting and blocking execution of unauthorized code or suspicious VI files. 4. Enforce network segmentation to isolate LabVIEW development and execution environments from broader enterprise networks, limiting lateral movement in case of compromise. 5. Monitor LabVIEW-related file access and execution logs for anomalous activities indicative of exploitation attempts. 6. Coordinate with NI for timely patch deployment once available and subscribe to vendor advisories. 7. Consider implementing sandboxing or virtualized environments for opening untrusted VI files to contain potential exploitation.