CVE-2025-1045 in KeyShot Viewer

Summary

by MITRE • 04/23/2025

Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24586.


Analysis

by VulDB Data Team • 08/08/2025

The CVE-2025-1045 vulnerability represents a critical heap-based buffer overflow in Luxion KeyShot Viewer's KSP file parsing functionality, classified under CWE-121 Heap-based Buffer Overflow. This vulnerability resides within the viewer's handling of KSP (KeyShot Project) files, which are commonly used for 3D rendering and visualization. The flaw manifests when the application processes user-supplied data without adequate length validation before copying it into heap-allocated buffers, creating an exploitable condition that can be leveraged for remote code execution.

The technical implementation of this vulnerability stems from insufficient input validation mechanisms within the KSP file parser component of KeyShot Viewer. When processing maliciously crafted KSP files, the application fails to properly validate the length of data elements before performing memory copy operations into heap-based buffers. This fundamental flaw allows attackers to overflow buffer boundaries and overwrite adjacent memory locations, potentially corrupting program execution flow. The vulnerability specifically targets heap-based memory structures, making it particularly dangerous as it can lead to arbitrary code execution with the privileges of the affected application process.
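The missing length check described above, shown as an added example beside a hardened version. This is not Luxion's code and the page does not give the KSP layout: the record format (2-byte little-endian length followed by name bytes), `NAME_MAX_LEN`, `record_t` and all function names are hypothetical, and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record: 2-byte little-endian length, then that many name bytes.
   NAME_MAX_LEN and record_t are constructed for this example. */
#define NAME_MAX_LEN 64u
typedef struct { char name[NAME_MAX_LEN + 1]; } record_t;

/* Flawed pattern: the length field from the file is trusted as-is. */
record_t *parse_unchecked(const uint8_t *in, size_t in_len) {
    (void)in_len;                                /* never consulted */
    record_t *r = calloc(1, sizeof *r);
    if (!r) return NULL;
    size_t n = (size_t)in[0] | ((size_t)in[1] << 8);
    memcpy(r->name, in + 2, n);                  /* n may reach 65535; object is 65 bytes */
    return r;
}

/* Hardened: the length is checked against the input and the destination. */
record_t *parse_checked(const uint8_t *in, size_t in_len) {
    if (in == NULL || in_len < 2) return NULL;   /* truncated header */
    size_t n = (size_t)in[0] | ((size_t)in[1] << 8);
    if (n > in_len - 2) return NULL;             /* claims more than the file holds */
    if (n > NAME_MAX_LEN) return NULL;           /* would overflow the heap buffer */
    record_t *r = calloc(1, sizeof *r);
    if (!r) return NULL;
    memcpy(r->name, in + 2, n);                  /* calloc keeps the trailing NUL */
    return r;
}

/* Name length on success, -1 if the record is rejected. */
int parsed_name_len(const uint8_t *in, size_t in_len) {
    record_t *r = parse_checked(in, in_len);
    if (!r) return -1;
    int len = (int)strlen(r->name);
    free(r);
    return len;
}

static const uint8_t SAMPLE_GOOD[] = { 3, 0, 'k', 's', 'p' };       /* constructed */
static const uint8_t SAMPLE_TRUNCATED[] = { 0xff, 0xff, 'A', 'A' }; /* constructed */
static const uint8_t SAMPLE_TOO_LONG[102] = { 100, 0 };  /* constructed: 100 bytes, limit 64 */
int main(void) {
    return (parsed_name_len(SAMPLE_GOOD, sizeof SAMPLE_GOOD) == 3 &&
            parsed_name_len(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED) == -1 &&
            parsed_name_len(SAMPLE_TOO_LONG, sizeof SAMPLE_TOO_LONG) == -1) ? 0 : 1;
}
```

The two rejections cover different failures: `SAMPLE_TRUNCATED` declares more data than the input contains, while `SAMPLE_TOO_LONG` is fully present in the input but larger than the heap object it would be copied into.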

Exploitation for remote code execution requires user interaction: the target must either visit a malicious webpage that triggers automatic download and execution of compromised KSP files, or directly open a malicious KSP file. This attack vector aligns with ATT&CK technique T1203, which covers Exploitation for Client Execution, and demonstrates how web-based attacks can leverage desktop application vulnerabilities. The exploitability requires the target to interact with malicious content, but once executed, the vulnerability provides full control over the affected system within the context of the viewer application's privileges.

The operational impact of CVE-2025-1045 extends beyond simple code execution to encompass potential system compromise and data exfiltration capabilities. Attackers can leverage this vulnerability to install backdoors, escalate privileges, or establish persistent access to affected systems. Organizations utilizing KeyShot Viewer for 3D modeling and rendering workflows face significant risk, particularly in environments where users may encounter malicious content through email attachments, web downloads, or compromised collaboration platforms. The vulnerability affects versions of KeyShot Viewer where KSP file processing is enabled, making it a critical concern for any enterprise relying on 3D visualization software.

Mitigation strategies for CVE-2025-1045 should prioritize immediate software updates from Luxion to address the heap buffer overflow. System administrators should implement strict file validation policies for KSP files and consider network-based restrictions to prevent automatic execution of potentially malicious content. Additionally, user education regarding the dangers of opening untrusted KSP files and implementing sandboxing techniques for file processing can significantly reduce exploitation risks. The vulnerability's classification as a remote code execution flaw necessitates comprehensive network monitoring and endpoint detection measures to identify potential exploitation attempts. Organizations should also consider implementing application whitelisting policies to restrict execution of unauthorized KeyShot Viewer versions and maintain regular vulnerability assessments to identify similar issues in other software components.

Reservation: 02/04/2025
Disclosure: 04/23/2025
Moderation: accepted
CPE: ready
EPSS: 0.00296
KEV: no
Activities: very low
