CVE-2025-64468Use After Free in Labview

CWE-416Use After Free12 documents4 sources
Severity
8.5HIGHNVD
EPSS
0.0%
top 91.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
NI Labview
Timeline
PublishedDec 18

Description

There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q3 (25.3) and prior versions

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5ni/labview23.1.023.3.7+3
NVDni/labview4 versions+3

🔴Vulnerability Details

1
GHSA
GHSA-x9f9-2ggr-mmjg: There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file2025-12-18

📋Vendor Advisories

1
CISA ICS
National Instruments LabView2025-12-18

🕵️Threat Intelligence

9
Wiz
CVE-2025-64466 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2025-64467 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2025-64462 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2025-64463 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2025-64464 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-64468 — Use After Free in NI Labview | cvebase