National Instruments LabVIEW

MonitorCVSS 7.8ICS-CERT ICSA-25-105-06Apr 15, 2025

National Instruments

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

A buffer overflow vulnerability in National Instruments LabVIEW versions 2025_Q1 and earlier allows arbitrary code execution through invalid memory writes. The vulnerability requires local access and user interaction to exploit. National Instruments has indicated patches are available; affected users should check vendor advisories CVE-2025-2631 and CVE-2025-2632.

What this means

What could happen

An attacker with local access to a machine running LabVIEW could execute arbitrary code, potentially modifying LabVIEW applications, altering control logic, or corrupting data in systems that rely on LabVIEW for process monitoring or control.

Who's at risk

Organizations using LabVIEW for industrial automation, data acquisition, or process control—including water utilities, power plants, manufacturing facilities, and research institutions. Engineers and operators on workstations running LabVIEW 2025_Q1 or earlier are at risk.

How it could be exploited

An attacker must gain local access to a LabVIEW installation—either through physical access, compromised user credentials, or by being already present on the engineering workstation. They then trigger the vulnerability through a malicious file or user interaction, causing arbitrary code execution with the privileges of the LabVIEW user.

Prerequisites

Local access to the machine running LabVIEW
User interaction required (opening or interacting with malicious content)
LabVIEW version 2025_Q1 or earlier

requires local accessuser interaction requiredaffects development and runtime systemsinvalid memory writes could corrupt process data

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

LabVIEW: <=2025_Q1≤ 2025 Q1No fix yet

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict physical and network access to engineering workstations running LabVIEW to authorized personnel only

WORKAROUNDTrain users not to open files or click links from untrusted sources on LabVIEW workstations

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate LabVIEW to a version newer than 2025_Q1 when available from National Instruments

Long-term hardening

0/1

HARDENINGIsolate LabVIEW development and runtime systems from general business networks using network segmentation

CVEs (2)

CVE-2025-2631 CVE-2025-2632

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d5f057f3-363e-40b8-9737-5bf849613539

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.