CVE-2025-2631: Out of Bounds Write Vulnerability in NI LabVIEW in InitCPUInformation()
First published: Wed Apr 09 2025(Updated: )
Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
Credit: security@ni.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| National Instruments LabVIEW | <2025 Q1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-2631?
CVE-2025-2631 is classified as a critical severity vulnerability due to the potential for arbitrary code execution.
How do I fix CVE-2025-2631?
To fix CVE-2025-2631, users should upgrade to a patched version of NI LabVIEW beyond 2025 Q1.
What are the potential impacts of CVE-2025-2631?
Successful exploitation of CVE-2025-2631 may lead to information disclosure or arbitrary code execution.
Who is affected by CVE-2025-2631?
CVE-2025-2631 affects users of NI LabVIEW versions up to and including 2025 Q1.
How can an attacker exploit CVE-2025-2631?
An attacker can exploit CVE-2025-2631 by convincing a user to open a specially crafted VI.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/source
- agent/author
- agent/tags
- agent/event
- vendor/ni
- canonical/national instruments labview