CVE-2025-7849Improper Validation of Specified Index, Position, or Offset in Input in Labview

CWE-1285Improper Validation of Specified Index, Position, or Offset in Input2 documents2 sources
Severity
8.5HIGHNVD
EPSS
0.0%
top 91.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
NI Labview
Timeline
PublishedJul 29
Latest updateJul 30

Description

A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5ni/labview25.0.025.3.0+2
NVDni/labview2021+4

🔴Vulnerability Details

1
GHSA
GHSA-qqxj-m5wg-prqx: A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execu2025-07-30
CVE-2025-7849 — NI Labview vulnerability | cvebase