CVE-2025-2633
BaseFortify
Publication date: 2025-07-23
Last updated on: 2025-08-19
Assigner: National Instruments
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ni | labview | to 2021 (inc) |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1285 | The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out of bounds read in NI LabVIEW's function lvre!UDecStrToNum caused by improper bounds checking. It can lead to information disclosure or arbitrary code execution if an attacker tricks a user into opening a specially crafted VI file. It affects NI LabVIEW 2025 Q1 and earlier versions.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to disclose sensitive information or execute arbitrary code on your system, potentially compromising your data and system integrity. Exploitation requires user interaction by opening a malicious VI file.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid opening specially crafted VI files from untrusted sources. Update NI LabVIEW to a version later than 2025 Q1 once a patch or fix is released by the vendor. Until then, exercise caution with user interaction involving VI files.