CVE-2025-64467
BaseFortify
Publication date: 2025-12-18
Last updated on: 2025-12-24
Assigner: National Instruments
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2022 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2023 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2024 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
| ni | labview | 2025 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid opening specially crafted VI files from untrusted sources. Update NI LabVIEW to a version later than 2025 Q3 (25.3) once a patch is available. Until then, exercise caution with VI files and restrict user access to potentially malicious files.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to information disclosure or allow an attacker to execute arbitrary code on the affected system. This could compromise system confidentiality, integrity, and availability.
Can you explain this vulnerability to me?
This vulnerability is an out of bounds read in NI LabVIEW's LVResFile::FindRsrcListEntry() function when parsing a corrupted VI file. It occurs if a user opens a specially crafted VI file, potentially leading to information disclosure or arbitrary code execution.