CVE-2025-7222: CWE-787: Out-of-bounds Write in Luxion KeyShot
Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26473.
AI Analysis
Technical Summary
CVE-2025-7222 is a high-severity out-of-bounds write (CWE-787) in the 3DM file parser of Luxion KeyShot; this analysis identifies version 13.2.1 as affected. The parser does not adequately validate attacker-controlled data read from the file (the advisory does not say which field), so a crafted 3DM file can make it write past the end of an allocated buffer. Corrupting adjacent memory in this way can, with a suitable heap or stack layout, be turned into arbitrary code execution in the context of the KeyShot process, that is, with the privileges of the user who opened the file. Exploitation requires user interaction: the victim must open the malicious file or visit a page that hands it to KeyShot. ZDI's description says "remote attackers" because the file can be delivered remotely, but the CVSS v3.0 vector is local (AV:L) because the attack only proceeds once the file is parsed on the victim's machine. The base score is 7.8: low attack complexity, no privileges required, user interaction required, and high confidentiality, integrity and availability impact. No exploitation in the wild had been reported and no vendor patch was linked at the time of writing. The CVE was reserved on 2025-07-07 with the Zero Day Initiative (ZDI) as assigner and was tracked by ZDI as ZDI-CAN-26473. KeyShot is widely used for 3D rendering and animation in design, manufacturing and marketing, and design teams routinely exchange model files with customers and suppliers, so a malicious 3DM file is a plausible delivery vector for organizations that depend on the product.
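The flaw class described above, as an added illustration that is not KeyShot's code and does not reflect the actual 3DM parsing logic or the specific field ZDI found: a hypothetical typecode/length chunk reader in C, with the unchecked-length pattern that produces a write past the end of an allocated buffer beside a bounds-checked version. The chunk layout, the constants, the function names and the sample chunk bytes are all assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Illustrative chunk layout, NOT the real 3DM/OpenNURBS encoding:
 *   u32 typecode | u32 payload length | payload bytes
 * Both header fields are little-endian and fully attacker-controlled. */
#define CHUNK_NAME  0x00000001u
#define HDR_LEN     8u
#define NAME_CAP    32u     /* capacity of the heap buffer the parser allocates */

/* Read a little-endian u32 at `off`, refusing to read past `len`. */
static int rd_u32le(const uint8_t *p, size_t len, size_t off, uint32_t *v) {
    if (off > len || len - off < 4) return -1;
    *v = (uint32_t)p[off] | ((uint32_t)p[off + 1] << 8)
       | ((uint32_t)p[off + 2] << 16) | ((uint32_t)p[off + 3] << 24);
    return 0;
}

/* Vulnerable pattern (CWE-787): the destination has a fixed capacity, but the
 * copy length comes straight from the file. A declared length larger than
 * NAME_CAP writes past the end of the allocation; a length larger than the
 * input also reads past the end of `buf`. Only ever call this on well-formed
 * input; it is here for comparison with the hardened version below. */
int parse_name_unsafe(const uint8_t *buf, size_t len, char **name_out) {
    uint32_t type, n;
    if (rd_u32le(buf, len, 0, &type) || rd_u32le(buf, len, 4, &n)) return -1;
    if (type != CHUNK_NAME) return -1;
    char *name = malloc(NAME_CAP);
    if (!name) return -1;
    memcpy(name, buf + HDR_LEN, n);     /* n is never compared to NAME_CAP or len */
    name[n] = '\0';
    *name_out = name;
    return 0;
}

/* Hardened: the declared length must fit both the destination (with room for
 * the terminator) and the bytes actually present in the input. */
int parse_name_safe(const uint8_t *buf, size_t len, char **name_out) {
    uint32_t type, n;
    if (rd_u32le(buf, len, 0, &type) || rd_u32le(buf, len, 4, &n)) return -1;
    if (type != CHUNK_NAME) return -1;
    if (n >= NAME_CAP) return -2;          /* would overflow the destination */
    if (n > len - HDR_LEN) return -3;      /* declared length exceeds input (truncated file) */
    char *name = malloc(NAME_CAP);
    if (!name) return -1;
    memcpy(name, buf + HDR_LEN, n);
    name[n] = '\0';
    *name_out = name;
    return 0;
}

/* Build a chunk whose header may lie about the payload size (constructed test data). */
size_t build_chunk(uint8_t *out, size_t cap, uint32_t declared_len,
                   const void *payload, size_t payload_len) {
    if (cap < HDR_LEN + payload_len) return 0;
    uint32_t f[2] = { CHUNK_NAME, declared_len };
    for (int i = 0; i < 2; i++)
        for (int b = 0; b < 4; b++) out[i * 4 + b] = (uint8_t)(f[i] >> (8 * b));
    memcpy(out + HDR_LEN, payload, payload_len);
    return HDR_LEN + payload_len;
}

/* Parse a chunk that declares `declared_len` bytes but carries "Engine"
 * (6 bytes); returns the hardened parser's status code (0 = parsed correctly). */
int check_safe(uint32_t declared_len) {
    uint8_t buf[64];
    size_t len = build_chunk(buf, sizeof buf, declared_len, "Engine", 6);
    char *name = NULL;
    int rc = parse_name_safe(buf, len, &name);
    if (rc == 0) { rc = strcmp(name, "Engine") == 0 ? 0 : 99; free(name); }
    return rc;
}

/* The same well-formed chunk through the vulnerable parser, for comparison. */
int check_unsafe_wellformed(void) {
    uint8_t buf[64];
    size_t len = build_chunk(buf, sizeof buf, 6, "Engine", 6);
    char *name = NULL;
    int rc = parse_name_unsafe(buf, len, &name);
    if (rc == 0) { rc = strcmp(name, "Engine") == 0 ? 0 : 99; free(name); }
    return rc;
}

int main(void) {
    printf("well-formed (len 6):        safe=%d unsafe=%d\n", check_safe(6), check_unsafe_wellformed());
    printf("oversized (len 0x1000):     safe=%d (unsafe would write past the 32-byte buffer)\n", check_safe(0x1000));
    printf("truncated (len 20, 6 sent): safe=%d (unsafe would read past the end of the input)\n", check_safe(20));
    return 0;
}
```

The hardened version checks the declared length against two independent limits, the destination capacity and the bytes actually remaining in the input; checking only one of them still leaves either a heap overflow or an out-of-bounds read. Building with `-fsanitize=address` and feeding `parse_name_unsafe` the oversized chunk shows the heap-buffer-overflow report that the bounds-checked version prevents.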
Potential Impact
For European organizations the impact is concentrated in the sectors that use KeyShot for product visualization: industrial and product design, automotive, aerospace and manufacturing. Because the payload runs with the privileges of the user who opened the file, a successful exploit gives the attacker everything that user can reach: unreleased designs and CAD data, credentials cached on the workstation, and the file shares and collaboration platforms the user is signed into. From there the attacker can exfiltrate or alter intellectual property, disrupt rendering and design work, or use the workstation as a foothold for lateral movement. The user-interaction requirement makes phishing and supplier impersonation the likely delivery methods: design teams routinely receive model files from customers and vendors, so a 3DM attachment or download link is not unusual. Tampered models may also propagate into downstream manufacturing and supply-chain processes. Where the affected systems hold personal data, a compromise can additionally trigger notification and compliance obligations under GDPR and national data protection law.
Mitigation Recommendations
To mitigate this vulnerability, organizations running KeyShot should:
1) Inventory installed KeyShot versions (this analysis identifies 13.2.1 as affected) and apply the vendor fix as soon as Luxion publishes one; until then, track Luxion's release notes and security advisories.
2) Until a patch is available, treat 3DM files from outside the organization as untrusted: quarantine or block .3dm attachments at the mail gateway where there is no business need, and open third-party models in an isolated virtual machine rather than on the production design workstation.
3) Reduce the blast radius of a successful exploit: run KeyShot under a standard (non-administrator) account, apply application control so that only approved binaries can execute, and on Windows consider enabling the built-in exploit-mitigation policies (Windows Defender Exploit Protection) for the KeyShot executable.
4) Use e-mail and web content filtering to reduce the number of malicious files and links that reach users, and brief design staff that model files are a phishing vector.
5) In EDR, alert on the KeyShot process spawning unexpected children (command interpreters, scripting hosts, rundll32 and similar) or making outbound network connections it does not normally make; these are the first observable signs of a parser exploit that has gained code execution.
6) Include design and rendering software in incident response planning, so that a suspected malicious model file can be isolated, preserved and analysed rather than simply deleted.
7) Engage Luxion support for timely updates and advisories.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-07-07T14:46:21.173Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 687e9c85a83201eaac12fa7e
Added to database: 7/21/2025, 8:01:09 PM
Last enriched: 7/29/2025, 1:19:27 AM
Last updated: 8/15/2025, 4:44:04 PM