ni.com is currently undergoing scheduled maintenance.
Some services may be unavailable at this time. Please contact us for help or try again later.
There are two memory corruption vulnerabilities due to improper error handling that exist in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. These vulnerabilities affect NI LabVIEW 2025 Q1 and prior versions.
These vulnerabilities are identified as CVE-2025-7848 and CVE-2025-7849.
NI strongly recommends upgrading the affected software to mitigate these vulnerabilities. Refer to the Affected Products section for information on upgrading these products.
CVE-2025-7848 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-7848 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2025-7849 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-7849 – 8.5 - CVSS:4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
At NI, we view the security of our products as an important part of our commitment to our customers. Go to ni.com/security to stay informed and act upon security alerts and issues.
NI would like to thank Rocco Calvi (@TecR0c) with TecSecurity working with Trend Micro Zero Day Initiative for reporting these issues and working with us on coordinated disclosure.
| Product Version | Mitigation |
|---|---|
| LabVIEW 2025 | Upgrade to LabVIEW 2025 Q3 or later from NI Package Manager or Software Downloads |
| LabVIEW 2025 Q1 | Upgrade to LabVIEW 2025 Q1 Patch 3 or later from NI Package Manager or Software Downloads |
| LabVIEW 2024 | Upgrade to LabVIEW 2024 Q3 Patch 4 or later from NI Package Manager or Software Downloads |
| LabVIEW 2023 | Upgrade to LabVIEW 2023 Q3 Patch 7 or later from NI Package Manager or Software Downloads |
| LabVIEW 2022 | Upgrade to LabVIEW 2022 Q3 Patch 6 or later from NI Package Manager or Software Downloads |
| LabVIEW 2021 and prior | Not in Mainstream Support |