CVE-2025-0412 affects Luxion KeyShot Viewer version 12.1.1.11 and involves a memory corruption vulnerability triggered during the parsing of KSP files. The root cause is the lack of proper validation of user-supplied data, which leads to operations exceeding the bounds of allocated memory buffers (CWE-119). This flaw can be exploited remotely by an attacker who convinces a user to open a specially crafted malicious KSP file or visit a malicious webpage hosting such a file. Upon successful exploitation, the attacker can execute arbitrary code within the context of the current process, potentially gaining control over the affected system. The vulnerability has a CVSS 3.0 base score of 7.8, indicating high severity, with attack vector local (requiring user interaction), low attack complexity, no privileges required, and high impact on confidentiality, integrity, and availability. Although no public exploits have been reported yet, the vulnerability poses a significant risk due to the potential for remote code execution and the widespread use of KeyShot Viewer in design and visualization workflows. The vulnerability was assigned and published by ZDI (Zero Day Initiative) under the identifier ZDI-CAN-22139.

The impact of CVE-2025-0412 is significant for organizations using Luxion KeyShot Viewer, especially in industries relying on 3D rendering and visualization such as manufacturing, automotive, aerospace, and product design. Successful exploitation can lead to full system compromise, allowing attackers to execute arbitrary code, steal sensitive design data, manipulate intellectual property, or deploy malware and ransomware. The requirement for user interaction limits mass exploitation but targeted attacks against high-value individuals or organizations remain a serious threat. Compromise of design environments can disrupt business operations, cause financial losses, and damage reputations. Additionally, since KeyShot Viewer is often used on workstations connected to corporate networks, exploitation could serve as a foothold for lateral movement within an enterprise environment.

To mitigate CVE-2025-0412, organizations should prioritize updating Luxion KeyShot Viewer to a patched version once available, as no patch links are currently provided. In the interim, implement strict controls on the handling of KSP files by restricting file sources and educating users to avoid opening files from untrusted or unknown origins. Employ application whitelisting and sandboxing techniques to limit the execution context of KeyShot Viewer. Network-level protections such as web filtering and email gateway scanning can help block malicious payload delivery. Monitoring for unusual process behavior or memory anomalies related to KeyShot Viewer can aid in early detection. Additionally, enforce the principle of least privilege for users running KeyShot Viewer to minimize the impact of potential exploitation. Regular backups and incident response readiness are recommended to mitigate post-exploitation damage.