OTPulse
FeedAboutContact

National Instruments LabVIEW

Monitor7.8ICS-CERT ICSA-25-210-01Jul 29, 2025
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Buffer overflow vulnerability (CWE-119) in National Instruments LabVIEW versions 2025_Q1 and earlier allows arbitrary code execution through crafted input. Exploitation requires local access and user interaction but could result in invalid memory reads and system compromise. No public exploitation has been reported.

What this means
What could happen
An attacker with local access to a LabVIEW installation could execute arbitrary code with the privileges of the application, potentially allowing them to steal data or disrupt engineering workflows that control connected devices.
Who's at risk
Organizations using National Instruments LabVIEW on engineering workstations or development systems should care. This includes water authorities and utilities that use LabVIEW for control system design, testing, or simulation. The vulnerability is most relevant if your engineers interact with LabVIEW projects from external sources or untrusted networks.
How it could be exploited
An attacker must interact with a user running a vulnerable version of LabVIEW—typically through a malicious LabVIEW project file or by convincing a user to open a crafted document. Once opened, the attacker gains code execution on the LabVIEW host machine.
Prerequisites
  • Local machine access or ability to deliver a malicious file to a LabVIEW user
  • LabVIEW application version 2025_Q1 or earlier running on the target machine
  • User interaction required—victim must open or run the malicious LabVIEW project or file
Low attack complexityUser interaction required (reduces immediate risk)Local access only (not remotely exploitable)Affects engineering workstations and development systems
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
LabVIEW: <=2025_Q1≤ 2025 Q1No fix yet
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGRestrict local access to LabVIEW machines; limit who can install or run LabVIEW software and who can open untrusted LabVIEW project files
HARDENINGTrain operators and engineers to avoid opening LabVIEW projects from untrusted sources, especially via email or downloads
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate LabVIEW to the patched version released by National Instruments (consult National Instruments advisories for specific version numbers)
WORKAROUNDImplement file execution controls (e.g., AppLocker, Software Restriction Policies) to prevent unauthorized LabVIEW execution
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/d2b25b6d-e005-499d-bffa-7a30a4ffe62a
National Instruments LabVIEW | CVSS 7.8 - OTPulse