CVE-2025-7849
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-08-19
Assigner: National Instruments
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ni | labview | to 2021 (inc) |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1285 | The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory corruption issue in NI LabVIEW caused by improper error handling when a VILinkObj is null. It may allow an attacker to execute arbitrary code if a user opens a specially crafted VI file. It affects NI LabVIEW 2025 Q1 and earlier versions.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to arbitrary code execution on the affected system, potentially allowing an attacker to take control of the system or perform unauthorized actions. Exploitation requires tricking a user into opening a malicious VI file.