CVE-2025-7848
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-08-19
Assigner: National Instruments
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ni | labview | to 2021 (inc) |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1285 | The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to execute arbitrary code on the affected system, potentially leading to unauthorized actions, data compromise, or system control. Exploitation requires user interaction by opening a malicious VI file.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid opening specially crafted VI files from untrusted sources. Ensure that you update NI LabVIEW to a version later than 2025 Q1 once a patch is available from the vendor. Until then, exercise caution with VI files and restrict user access to potentially malicious files.
Can you explain this vulnerability to me?
This vulnerability is a memory corruption issue in the lvpict.cpp component of NI LabVIEW. It occurs due to improper input validation, which can allow an attacker to execute arbitrary code if a user opens a specially crafted VI file. It affects NI LabVIEW 2025 Q1 and earlier versions.