1. EXECUTIVE SUMMARY
- CVSS v4 7.1
- ATTENTION: Low attack complexity
- Vendor: National Instruments
- Equipment: LabVIEW
- Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to the execution of arbitrary code on affected installations of LabVIEW, which could result in invalid memory reads.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of LabVIEW are affected:
- LabVIEW: 2025 Q1 and prior versions
3.2 Vulnerability Overview
3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
LabVIEW 2025 Q1 and prior versions are affected by an improper restriction of operations within the bounds of a memory buffer vulnerability, which may allow a local attacker to disclose information and execute arbitrary code remotely, resulting in invalid memory reads.
CVE-2025-2633 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-2633. A base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).