CVE-2025-0412: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer in Luxion KeyShot Viewer
CVE-2025-0412 is a high-severity remote code execution vulnerability in Luxion KeyShot Viewer version 12. 1. 1. 11. It arises from improper validation of user-supplied data during the parsing of KSP files, leading to memory corruption. Exploitation requires user interaction, such as opening a malicious file or visiting a crafted webpage. Successful exploitation allows attackers to execute arbitrary code with the privileges of the current user. No known exploits are currently in the wild. The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer).
AI Analysis
Technical Summary
CVE-2025-0412 affects Luxion KeyShot Viewer version 12.1.1.11 and involves a memory corruption vulnerability triggered during the parsing of KSP files. The root cause is the lack of proper validation of user-supplied data, which leads to operations exceeding the bounds of allocated memory buffers (CWE-119). This flaw can be exploited remotely by an attacker who convinces a user to open a specially crafted malicious KSP file or visit a malicious webpage hosting such a file. Upon successful exploitation, the attacker can execute arbitrary code within the context of the current process, potentially gaining control over the affected system. The vulnerability has a CVSS 3.0 base score of 7.8, indicating high severity, with attack vector local (requiring user interaction), low attack complexity, no privileges required, and high impact on confidentiality, integrity, and availability. Although no public exploits have been reported yet, the vulnerability poses a significant risk due to the potential for remote code execution and the widespread use of KeyShot Viewer in design and visualization workflows. The vulnerability was assigned and published by ZDI (Zero Day Initiative) under the identifier ZDI-CAN-22139.
Potential Impact
The impact of CVE-2025-0412 is significant for organizations using Luxion KeyShot Viewer, especially in industries relying on 3D rendering and visualization such as manufacturing, automotive, aerospace, and product design. Successful exploitation can lead to full system compromise, allowing attackers to execute arbitrary code, steal sensitive design data, manipulate intellectual property, or deploy malware and ransomware. The requirement for user interaction limits mass exploitation but targeted attacks against high-value individuals or organizations remain a serious threat. Compromise of design environments can disrupt business operations, cause financial losses, and damage reputations. Additionally, since KeyShot Viewer is often used on workstations connected to corporate networks, exploitation could serve as a foothold for lateral movement within an enterprise environment.
Mitigation Recommendations
To mitigate CVE-2025-0412, organizations should prioritize updating Luxion KeyShot Viewer to a patched version once available, as no patch links are currently provided. In the interim, implement strict controls on the handling of KSP files by restricting file sources and educating users to avoid opening files from untrusted or unknown origins. Employ application whitelisting and sandboxing techniques to limit the execution context of KeyShot Viewer. Network-level protections such as web filtering and email gateway scanning can help block malicious payload delivery. Monitoring for unusual process behavior or memory anomalies related to KeyShot Viewer can aid in early detection. Additionally, enforce the principle of least privilege for users running KeyShot Viewer to minimize the impact of potential exploitation. Regular backups and incident response readiness are recommended to mitigate post-exploitation damage.
Affected Countries
United States, Germany, Japan, South Korea, United Kingdom, France, Canada, China, Italy, Australia
CVE-2025-0412: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer in Luxion KeyShot Viewer
Description
CVE-2025-0412 is a high-severity remote code execution vulnerability in Luxion KeyShot Viewer version 12. 1. 1. 11. It arises from improper validation of user-supplied data during the parsing of KSP files, leading to memory corruption. Exploitation requires user interaction, such as opening a malicious file or visiting a crafted webpage. Successful exploitation allows attackers to execute arbitrary code with the privileges of the current user. No known exploits are currently in the wild. The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer).
AI-Powered Analysis
Technical Analysis
CVE-2025-0412 affects Luxion KeyShot Viewer version 12.1.1.11 and involves a memory corruption vulnerability triggered during the parsing of KSP files. The root cause is the lack of proper validation of user-supplied data, which leads to operations exceeding the bounds of allocated memory buffers (CWE-119). This flaw can be exploited remotely by an attacker who convinces a user to open a specially crafted malicious KSP file or visit a malicious webpage hosting such a file. Upon successful exploitation, the attacker can execute arbitrary code within the context of the current process, potentially gaining control over the affected system. The vulnerability has a CVSS 3.0 base score of 7.8, indicating high severity, with attack vector local (requiring user interaction), low attack complexity, no privileges required, and high impact on confidentiality, integrity, and availability. Although no public exploits have been reported yet, the vulnerability poses a significant risk due to the potential for remote code execution and the widespread use of KeyShot Viewer in design and visualization workflows. The vulnerability was assigned and published by ZDI (Zero Day Initiative) under the identifier ZDI-CAN-22139.
Potential Impact
The impact of CVE-2025-0412 is significant for organizations using Luxion KeyShot Viewer, especially in industries relying on 3D rendering and visualization such as manufacturing, automotive, aerospace, and product design. Successful exploitation can lead to full system compromise, allowing attackers to execute arbitrary code, steal sensitive design data, manipulate intellectual property, or deploy malware and ransomware. The requirement for user interaction limits mass exploitation but targeted attacks against high-value individuals or organizations remain a serious threat. Compromise of design environments can disrupt business operations, cause financial losses, and damage reputations. Additionally, since KeyShot Viewer is often used on workstations connected to corporate networks, exploitation could serve as a foothold for lateral movement within an enterprise environment.
Mitigation Recommendations
To mitigate CVE-2025-0412, organizations should prioritize updating Luxion KeyShot Viewer to a patched version once available, as no patch links are currently provided. In the interim, implement strict controls on the handling of KSP files by restricting file sources and educating users to avoid opening files from untrusted or unknown origins. Employ application whitelisting and sandboxing techniques to limit the execution context of KeyShot Viewer. Network-level protections such as web filtering and email gateway scanning can help block malicious payload delivery. Monitoring for unusual process behavior or memory anomalies related to KeyShot Viewer can aid in early detection. Additionally, enforce the principle of least privilege for users running KeyShot Viewer to minimize the impact of potential exploitation. Regular backups and incident response readiness are recommended to mitigate post-exploitation damage.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- zdi
- Date Reserved
- 2025-01-13T03:19:37.316Z
- Cvss Version
- 3.0
- State
- PUBLISHED
Threat ID: 699f6b69b7ef31ef0b555263
Added to database: 2/25/2026, 9:36:41 PM
Last enriched: 2/25/2026, 11:52:06 PM
Last updated: 2/26/2026, 6:14:31 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-25191: Uncontrolled Search Path Element in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-23703: Incorrect default permissions in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-1311: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in bearsthemes Worry Proof Backup
HighCVE-2026-2506: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in motahar1 EM Cost Calculator
MediumCVE-2026-2499: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tgrk Custom Logo
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.