
CVE-2025-1045: CWE-122: Heap-based Buffer Overflow in Luxion KeyShot Viewer

Severity: Medium
Published: Wed Apr 23 2025 (04/23/2025, 16:42:57 UTC)
Source: CVE
Vendor/Project: Luxion
Product: KeyShot Viewer

Description

Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24586.

AI-Powered Analysis

Last updated: 06/23/2025, 10:35:37 UTC

Technical Analysis

CVE-2025-1045 is a heap-based buffer overflow vulnerability identified in Luxion KeyShot Viewer, specifically within the parsing of KSP files. The vulnerability arises due to improper validation of the length of user-supplied data before copying it into a heap-based buffer. This flaw allows an attacker to overflow the buffer, potentially overwriting adjacent memory and enabling arbitrary code execution in the context of the current process. Exploitation requires user interaction, such as opening a maliciously crafted KSP file or visiting a malicious webpage that triggers the vulnerability. The affected product version is Luxion KeyShot Viewer 2024.1_13.0.0.92. Although no public exploits have been reported in the wild, the vulnerability is classified under CWE-122 (Heap-based Buffer Overflow), which is a common and critical class of memory corruption issues that can lead to remote code execution. The lack of proper input validation during KSP file parsing is the root cause, and the vulnerability was reserved and disclosed by the Zero Day Initiative (ZDI) under the identifier ZDI-CAN-24586. Given that the attack vector involves user interaction, the threat actor must convince the target to open a malicious file or visit a compromised site, which may limit the attack surface but does not eliminate risk, especially in environments where KeyShot Viewer is used for 3D rendering and visualization tasks. The vulnerability impacts confidentiality, integrity, and availability by enabling arbitrary code execution, potentially allowing attackers to take full control of the affected system under the privileges of the user running the application.
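The length validation described above, as an added example (not Luxion's code and not the real KSP layout): a hardened reader for a hypothetical length-prefixed record. The record layout, the name `rec_read`, and the 1 MiB cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record layout (NOT the real KSP format):
 *   bytes 0..3  payload length, little-endian
 *   bytes 4..   payload */
#define REC_HDR_LEN   4u
#define REC_MAX_BYTES (1u << 20)   /* assumed policy cap: 1 MiB per record */

enum rec_status { REC_OK = 0, REC_TRUNCATED, REC_TOO_LARGE, REC_NOMEM };

/* Copies one record's payload into a freshly allocated heap buffer.
 * A CWE-122 overflow occurs when the destination is sized from one value
 * (a constant or another field) and the copy length from the file's length
 * field. Here both come from the same validated value. */
enum rec_status rec_read(const uint8_t *in, size_t in_len,
                         uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;

    /* 1. The header itself must be present. */
    if (in_len < REC_HDR_LEN)
        return REC_TRUNCATED;

    uint32_t declared = (uint32_t)in[0] | ((uint32_t)in[1] << 8) |
                        ((uint32_t)in[2] << 16) | ((uint32_t)in[3] << 24);

    /* 2. Enforce the policy cap before allocating anything. */
    if (declared > REC_MAX_BYTES)
        return REC_TOO_LARGE;

    /* 3. The declared length must fit in the bytes actually supplied.
     *    Written as a subtraction so the comparison cannot wrap. */
    if (declared > in_len - REC_HDR_LEN)
        return REC_TRUNCATED;

    /* Size the destination from the validated length, never a constant. */
    uint8_t *buf = malloc(declared ? declared : 1);
    if (buf == NULL)
        return REC_NOMEM;

    memcpy(buf, in + REC_HDR_LEN, declared);
    *out = buf;
    *out_len = declared;
    return REC_OK;
}
```

The caller owns the returned buffer and must `free` it; on any non-`REC_OK` status nothing is allocated.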

Potential Impact

For European organizations, the impact of CVE-2025-1045 can be significant, particularly for industries relying on 3D rendering and visualization such as automotive, manufacturing, architecture, and product design sectors. Successful exploitation could lead to unauthorized access, data theft, or disruption of critical design workflows. Since KeyShot Viewer is often used to review and present 3D models, attackers could leverage this vulnerability to implant malware, move laterally within networks, or exfiltrate intellectual property. The requirement for user interaction means phishing or social engineering campaigns could be used to deliver malicious KSP files. Organizations with lax email filtering or insufficient user awareness training are at higher risk. Additionally, compromised systems could serve as footholds for further attacks against enterprise networks. The vulnerability also poses a risk to supply chain security, as malicious files could be introduced through third-party collaborators or contractors. Given the medium severity rating and the absence of known exploits in the wild, the immediate risk may be moderate, but the potential for escalation and exploitation remains, especially if threat actors develop reliable exploit code.

Mitigation Recommendations

To mitigate this vulnerability effectively, European organizations should:

1) Immediately audit and inventory all installations of Luxion KeyShot Viewer to identify affected versions (2024.1_13.0.0.92).
2) Implement strict file handling policies that restrict opening KSP files from untrusted or unknown sources.
3) Enhance user awareness training focused on recognizing phishing attempts and suspicious file attachments, emphasizing the risks of opening unsolicited KSP files.
4) Employ application whitelisting and sandboxing techniques for KeyShot Viewer to limit the impact of potential exploitation.
5) Monitor network and endpoint logs for unusual behavior indicative of exploitation attempts, such as unexpected process spawning or memory anomalies.
6) Coordinate with Luxion for timely patch releases and apply updates as soon as they become available.
7) Use advanced email filtering and attachment scanning solutions that can detect malformed or suspicious KSP files.
8) Consider network segmentation to isolate systems running KeyShot Viewer from critical infrastructure to reduce lateral movement risks.

These measures go beyond generic advice by focusing on controlling the attack vector (malicious KSP files), enhancing detection capabilities, and limiting the blast radius of a potential compromise.


Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2025-02-04T21:01:17.926Z
Cisa Enriched: true

Threat ID: 682d9843c4522896dcbf2ccd

Added to database: 5/21/2025, 9:09:23 AM

Last enriched: 6/23/2025, 10:35:37 AM

Last updated: 8/11/2025, 9:48:59 AM
