Heap-based Buffer Overflow in Luxion KeyShot allows Remote Code Execution
CVE-2025-2531

7.8HIGH

Key Information:

Vendor: Luxion
Status: Keyshot
Vendor: CVE Published:; 25 March 2025

What is CVE-2025-2531?

This vulnerability affects Luxion KeyShot during the parsing of DAE files, where inadequate validation of user-supplied data length can lead to a heap-based buffer overflow. Attackers may exploit this flaw by enticing users to open a malicious file or visit a malicious webpage, allowing arbitrary code execution in the context of the current process, which could lead to unauthorized access or system compromise.

Affected Version(s)

KeyShot 2024 13.0.0 Build 92 4.10.171

References

https://www.zerodayinitiative.com/advisories/ZDI-25-174/

x_research-advisory

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2025
Vulnerability Reserved
Mar 19, 2025