CVE-2025-1045 – A heap-based buffer overflow vulnerability in L... (How to Fix)

Q: What is the severity of CVE-2025-1045?

CVE-2025-1045 has a CVSS score of 7.8 (HIGH). A heap-based buffer overflow vulnerability in Luxion KeyShot Viewer allows remote attackers to execute arbitrary code when users open malicious KSP files or visit malicious web pages. This affects users of KeyShot Viewer who process untrusted KSP files. The vulnerability requires user interaction but can lead to complete system compromise.

📋 TL;DR

A heap-based buffer overflow vulnerability in Luxion KeyShot Viewer allows remote attackers to execute arbitrary code when users open malicious KSP files or visit malicious web pages. This affects users of KeyShot Viewer who process untrusted KSP files. The vulnerability requires user interaction but can lead to complete system compromise.

💻 Affected Systems

Products:

Luxion KeyShot Viewer

Versions: Specific versions not detailed in advisory, but all versions prior to patched release are likely affected

Operating Systems: Windows, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default installations when processing KSP files. User interaction required (opening file or visiting malicious page).

📦 What is this software?

Keyshot by Luxion

View all CVEs affecting Keyshot →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the affected system, data theft, lateral movement, and persistence establishment.

🟠

Likely Case

Remote code execution in the context of the current user, potentially leading to malware installation, data exfiltration, or ransomware deployment.

🟢

If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, though data loss from the user's context is still possible.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires user interaction but is technically straightforward once malicious file is opened. ZDI has confirmed the vulnerability (ZDI-CAN-24586).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in advisory, but patch is available

Vendor Advisory: https://download.keyshot.com/cert/ksa-113962/ksa-113962.pdf

Restart Required: Yes

Instructions:

1. Download latest KeyShot Viewer from official Luxion website
2. Uninstall previous version
3. Install updated version
4. Restart system

🔧 Temporary Workarounds

Disable KSP file association

all

Remove file association for .ksp files to prevent automatic opening in KeyShot Viewer

Windows: assoc .ksp=
Windows: ftype KSPFile=
macOS: Remove .ksp association from Finder preferences

Application control blocking

all

Use application control solutions to block execution of KeyShot Viewer or restrict to trusted files only

🧯 If You Can't Patch

Implement strict email/web filtering to block KSP files from untrusted sources
Educate users to never open KSP files from unknown or untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check KeyShot Viewer version and compare against latest patched version from vendor advisory

Check Version:

Windows: Check Help > About in KeyShot Viewer; macOS: Check KeyShot Viewer > About KeyShot Viewer

Verify Fix Applied:

Verify installation of latest version from official source and test with known safe KSP files

📡 Detection & Monitoring

Log Indicators:

Process crashes of KeyShot Viewer
Unusual child processes spawned from KeyShot Viewer
File creation/modification by KeyShot Viewer process

Network Indicators:

Outbound connections from KeyShot Viewer to unusual destinations
DNS requests for suspicious domains from KeyShot process

SIEM Query:

Process:Name='KeyShot Viewer' AND (EventID=1000 OR ParentProcessName='KeyShot Viewer')

📊 Metadata

CVE ID: CVE-2025-1045

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-122

EPSS Score: 0.06% exploit probability (18.3th percentile)

Published: April 23, 2025

Last Updated: August 7, 2025

🔗 References

https://download.keyshot.com/cert/ksa-113962/ksa-113962.pdf?version=1.0&_gl=1*1x6i3a*_gcl_au*MTU0ODMwNDI4Ny4xNzQzNTUyMjcx Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-25-233/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-1045, you might also want to check these: