Remote Code Execution Vulnerability in Oxford Instruments Imaris Viewer
CVE-2025-9274

7.8HIGH

Key Information:

Vendor: Oxford Instruments
Status: Imaris Viewer
Vendor: CVE Published:; 2 September 2025

🔔 Create Oxford Instruments Vulnerability Alert

What is CVE-2025-9274?

A remote code execution vulnerability exists in Oxford Instruments Imaris Viewer due to improper handling of IMS file parsing. An attacker could exploit this weakness by persuading a user to visit a malicious webpage or open a crafted file, thereby allowing arbitrary code execution within the context of the application process. Ensuring prompt updates and user caution are critical for system protection against this threat.

Affected Version(s)

Imaris Viewer 10.0.1

References

https://www.zerodayinitiative.com/advisories/ZDI-25-853/

x_research-advisory

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2025
Vulnerability Reserved
Aug 20, 2025