CVE-2025-2631

Published: Apr 9, 2025Modified: Aug 18, 2025

8.5

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: security@ni.com (Secondary)

Description

Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Affected (20)

Products: Ni: Labview

1 product

Labview

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Ni Labview	Up to 2021
Ni Labview	Version 2022 q1
Ni Labview	Version 2022 q3
Ni Labview	Version 2022 q3_patch1
Ni Labview	Version 2022 q3_patch2
Ni Labview	Version 2022 q3_patch4
Ni Labview	Version 2023 q1
Ni Labview	Version 2023 q3
Ni Labview	Version 2023 q3_patch1
Ni Labview	Version 2023 q3_patch2
Ni Labview	Version 2023 q3_patch3
Ni Labview	Version 2023 q3_patch4
Ni Labview	Version 2023 q3_patch5
Ni Labview	Version 2024 q1
Ni Labview	Version 2024 q1_patch1
Ni Labview	Version 2024 q3
Ni Labview	Version 2024 q3_patch1
Ni Labview	Version 2024 q3_patch2
Ni Labview	Version 2025 q1
Ni Labview	Version 2025 q1_patch1

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (1)

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-vulnerabilities-in-ni-labview.html

Source: security@ni.com

Vendor Advisory

Timeline

No history available yet.