CVE-2025-2632: Out of Bounds Write Vulnerability in NI LabVIEW reading CPU info from cache
First published: Wed Apr 09 2025(Updated: )
Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
Credit: security@ni.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NI LabVIEW | <2025 Q1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-2632?
CVE-2025-2632 has been rated as critical due to its potential for remote code execution and information disclosure.
How do I fix CVE-2025-2632?
To fix CVE-2025-2632, update to the latest version of NI LabVIEW that addresses this vulnerability.
What types of attacks are possible with CVE-2025-2632?
CVE-2025-2632 can lead to attacks involving arbitrary code execution or sensitive information disclosure.
What conditions are necessary for CVE-2025-2632 to be exploited?
Exploitation of CVE-2025-2632 requires the attacker to convince a user to open a specially crafted VI.
Which versions of NI LabVIEW are affected by CVE-2025-2632?
CVE-2025-2632 affects NI LabVIEW versions up to, but not including, 2025 Q1.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/source
- agent/author
- agent/tags
- agent/event
- vendor/national instruments
- canonical/ni labview