Vulners
Lucene search
National Instruments LabVIEW < 2025 Q3 Multiple Vulnerabilities
| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
 | CVE-2025-2633 | 23 Jul 202518:32 | – | circl |
| CVE-2025-2634 | 23 Jul 202518:35 | – | circl |
 | NI LabVIEW 安全漏洞 | 23 Jul 202500:00 | – | cnnvd |
| NI LabVIEW 安全漏洞 | 23 Jul 202500:00 | – | cnnvd |
 | CVE-2025-2633 | 23 Jul 202515:49 | – | cve |
| CVE-2025-2634 | 23 Jul 202515:53 | – | cve |
 | CVE-2025-2633 Out of Bounds Read Vulnerability in NI LabVIEW when loading fonts | 23 Jul 202515:49 | – | cvelist |
| CVE-2025-2634 Out of Bounds Read Vulnerability in NI LabVIEW when building font map | 23 Jul 202515:53 | – | cvelist |
 | EUVD-2025-22460 | 3 Oct 202520:07 | – | euvd |
| EUVD-2025-22461 | 3 Oct 202520:07 | – | euvd |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(243275);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");
script_cve_id("CVE-2025-2633", "CVE-2025-2634");
script_xref(name:"IAVA", value:"2025-A-0561-S");
script_name(english:"National Instruments LabVIEW < 2025 Q3 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of National Instruments (NI) LabVIEW installed on the remote Windows host is affected by multiple
vulnerabilities:
- Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that
may result in information disclosure or arbitrary code execution. Successful exploitation requires an
attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and
prior versions. (CVE-2025-2633)
- Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in
information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a
user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
(CVE-2025-2634)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d9278e7f");
script_set_attribute(attribute:"solution", value:
"Upgrade to the NI LabVIEW version referenced in the vendor advisory");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-2633");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2025-2633");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/07/22");
script_set_attribute(attribute:"patch_publication_date", value:"2025/07/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ni:labview");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("labview_installed.nbin");
script_require_keys("installed_sw/National Instruments LabVIEW", "SMB/Registry/Enumerated");
exit(0);
}
include('vdf.inc');
# @tvdl-content
var vuln_data = {
'metadata': {'spec_version': '1.0'},
'requires': [
{'scope': 'target', 'match': {'os': 'windows'}}
],
'checks': [
{
'product': {'name': 'National Instruments LabVIEW', 'type': 'app'},
'check_algorithm': 'default',
'constraints': [
{ 'min_version':'2025.2', 'fixed_version' : '2025.3.0', 'fixed_display' : '2025 Q3' },
{ 'min_version':'2025.0', 'fixed_version' : '2025.1.3', 'fixed_display' : '2025 Q1 Patch 3' },
{ 'min_version':'2024.0', 'fixed_version' : '2024.3.4', 'fixed_display' : '2024 Q3 Patch 4' },
{ 'min_version':'2023.0', 'fixed_version' : '2023.3.7', 'fixed_display' : '2023 Q3 Patch 7' },
{ 'min_version':'2022.0', 'fixed_version' : '2022.3.6', 'fixed_display' : '2022 Q3 Patch 6' },
{ 'min_version':'0', 'max_version' : '2021.999.999', 'fixed_display' : 'Check Vendor Advisory' }
]
}
]
};
var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_WARNING);
vdf::handle_check_and_report_errors(vdf_result:result);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Jan 2026 00:00Current
6.1Medium risk
Vulners AI Score6.1
CVSS 47.3
CVSS 3.17.8
EPSS0.00068
SSVC