CVE-2025-7361
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-08-19
Assigner: National Instruments
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ni | labview | to 2021 (inc) |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a code injection issue in NI LabVIEW caused by an improper initialization check. It allows an attacker to execute arbitrary code if a user opens a specially crafted VI file that uses a CIN node. It affects 32-bit NI LabVIEW 2025 Q1 and earlier versions, while 64-bit versions are not affected because they do not support CIN nodes.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to execute arbitrary code on your system with the privileges of the user who opens the malicious VI file. This could lead to unauthorized actions, data compromise, or system control.