CVE-2025-7849

Summary

A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Affected Software

VendorProductVersion RangeStatus
NILabVIEW0 <= 22.3.5affected
NILabVIEW23.0.0 <= 23.3.6affected
NILabVIEW24.0.0 <= 24.3.3affected
NILabVIEW25.0.0 < 25.3.0affected

Weaknesses

  • CWE-1285: CWE-1285

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References