National Instruments LabVIEW

MonitorCVSS 7.8ICS-CERT ICSA-25-210-01Jul 29, 2025

National Instruments

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

LabVIEW versions 2025_Q1 and earlier are vulnerable to memory safety issues (invalid memory reads) that could allow arbitrary code execution through user interaction. National Instruments has released patches available through their advisory. The vulnerabilities are not remotely exploitable and require local access with user action to trigger.

What this means

What could happen

An attacker with local access to a machine running LabVIEW could execute arbitrary code, potentially modifying or stopping automation scripts, reading sensitive process data, or corrupting project files. This could disrupt engineering workflows and research operations.

Who's at risk

Software development and process engineering teams using National Instruments LabVIEW for automation design, data acquisition, and control system development on Windows PCs. This affects engineering workstations, test systems, and automation design environments in utilities, manufacturing, and research facilities.

How it could be exploited

An attacker must have local access to the LabVIEW installation and trick a user into opening a malicious file or interaction (requires user action). Once the user triggers the vulnerability, arbitrary code runs in the context of the LabVIEW process.

Prerequisites

Local access to the computer running LabVIEW
User interaction required (opening a malicious file or content)
LabVIEW version 2025_Q1 or earlier

Requires local access and user interactionLow EPSS score (0.0%)Not actively exploitedNot remotely exploitable

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (1)

ProductAffected VersionsFix Status

LabVIEW: <=2025_Q1≤ 2025 Q1No fix yet

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict physical and remote login access to machines running LabVIEW to trusted engineers only

HARDENINGTrain users not to open files from untrusted sources on machines running LabVIEW

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate LabVIEW to the latest patched version from National Instruments

HARDENINGDisable LabVIEW installations on machines that do not require active engineering work

CVEs (2)

CVE-2025-2633 CVE-2025-2634

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d2b25b6d-e005-499d-bffa-7a30a4ffe62a

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.