A memory corruption vulnerability due to improper error... · CVE-2025-7849 · GitHub Advisory Database · GitHub

A memory corruption vulnerability due to improper error...

High severity Unreviewed Published Jul 30, 2025 to the GitHub Advisory Database • Updated Jul 30, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

References

Published by the National Vulnerability Database

Jul 29, 2025

Published to the GitHub Advisory Database Jul 30, 2025

Last updated Jul 30, 2025

Severity

High

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Local

Attack Complexity Low

Attack Requirements None

Privileges Required None

User interaction Passive

Vulnerable System Impact Metrics

Confidentiality High

Integrity High

Availability High

Subsequent System Impact Metrics

Confidentiality None

Integrity None

Availability None

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X