CVE-2025-64463
BaseFortify
Publication date: 2025-12-18
Last updated on: 2025-12-24
Assigner: National Instruments
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid opening specially crafted VI files from untrusted sources. Ensure users are aware not to open suspicious VI files. Update NI LabVIEW to a version later than 2025 Q3 (25.3) once a patch or fix is available from the vendor.
Can you explain this vulnerability to me?
This vulnerability is an out of bounds read in NI LabVIEW's LVResource::DetachResource() function when it parses a corrupted VI file. It occurs because the software reads data outside the intended memory bounds, which can lead to unintended behavior. Exploiting this requires an attacker to trick a user into opening a specially crafted VI file. The impact of this vulnerability can include information disclosure or arbitrary code execution.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to serious impacts such as disclosure of sensitive information or execution of arbitrary code on the affected system. This means an attacker could potentially gain unauthorized access to data or control over the system running NI LabVIEW by convincing a user to open a malicious VI file.