CVE-2025-7361: 
LabVIEW vulnerability analysis and mitigation

A code injection vulnerability exists in NI LabVIEW that may result in arbitrary code execution. The vulnerability (CVE-2025-7361) affects 32-bit NI LabVIEW 2025 Q1 and prior versions, while 64-bit versions are not affected as they don't support CIN nodes. The vulnerability was discovered and disclosed in July 2025 (NI Security).

The vulnerability stems from an improper initialization check in NI LabVIEW's Code Interface Node (CIN) functionality. The CVSS v3.1 base score is 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, no privileges required, and user interaction required. The vulnerability has also been assessed with CVSS v4.0 score of 8.5 (AttackerKB, NI Security).

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system, potentially leading to complete system compromise with the same privileges as the user running LabVIEW. The vulnerability affects confidentiality, integrity, and availability of the system, all rated as High in the CVSS scoring (NI Security).

NI recommends upgrading to LabVIEW 2025 Q3 or later versions where CIN nodes are no longer supported. For earlier versions, specific patches are available: LabVIEW 2024 Q3 Patch 4 or later, LabVIEW 2023 Q3 Patch 7 or later, and LabVIEW 2022 Q3 Patch 6 or later. For backward compatibility, users can re-enable CIN nodes by setting EnableCodeInterfaceNodes=True in the configuration file, though this is not recommended. Users should transition to alternative methods such as Call Library Function Nodes (CLFN) for interfacing with external code (NI Security).