National Instruments LabVIEW

Monitor7.8ICS-CERT ICSA-25-105-06Apr 15, 2025

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

A buffer overflow vulnerability (CWE-787) in National Instruments LabVIEW versions 2025_Q1 and earlier allows arbitrary code execution through invalid memory writes. The vulnerability requires local access and user interaction to exploit. National Instruments has indicated patches are available; users should check the vendor's advisory for specific links and version information.

What this means

What could happen

An attacker with local access to a system running LabVIEW could run arbitrary code with the privileges of the user running LabVIEW, potentially altering or stopping control logic and automation scripts used to manage processes.

Who's at risk

Organizations that use National Instruments LabVIEW for process automation, control logic development, or data acquisition—including manufacturing facilities, utilities, and research institutions—should evaluate their exposure. Risk is highest at sites where LabVIEW runs on engineering workstations or operator stations with elevated privileges or access to critical process control functions.

How it could be exploited

An attacker must be able to interact with the LabVIEW application locally—for example, through a malicious file opened in LabVIEW or direct system access. The vulnerability allows invalid memory writes that lead to code execution in the context of the LabVIEW process.

Prerequisites

Local access to the system running LabVIEW
User interaction required to open or interact with a crafted file or trigger the vulnerability
LabVIEW version 2025_Q1 or earlier installed

No patch available yetLow complexity attackRequires user interactionLocal access only (not remotely exploitable)Could allow code execution with process-level privileges

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

LabVIEW: <=2025_Q1≤ 2025 Q1No fix yet

Remediation & Mitigation

0/5

Do now

0/1

HARDENINGRestrict local access to engineering workstations running LabVIEW; limit who can log in and run the application

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate LabVIEW to a patched version when available from National Instruments

Long-term hardening

0/3

HARDENINGIsolate LabVIEW development and runtime systems from business networks and the Internet

HARDENINGUse VPNs with current security patches if remote access to LabVIEW systems is required

HARDENINGTrain users on email security: do not click links or open attachments in unsolicited messages that could deliver malicious files

CVEs (2)

CVE-2025-2631 CVE-2025-2632

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d5f057f3-363e-40b8-9737-5bf849613539