CVE-2025-58775
📋 TL;DR
A stack-based buffer overflow vulnerability in KEYENCE KV STUDIO and VT5-WX15/WX12 products allows remote code execution when processing specially crafted files. This affects industrial control system (ICS) programming and configuration software used in manufacturing and automation environments. Attackers could gain full control of affected systems.
💻 Affected Systems
- KV STUDIO
- VT5-WX15
- VT5-WX12
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise leading to production disruption, data theft, or physical damage in industrial environments through arbitrary code execution.
Likely Case
Attackers gain control of engineering workstations to pivot into operational technology networks, potentially disrupting manufacturing processes.
If Mitigated
Limited impact if systems are air-gapped, have strict file transfer controls, and use least privilege principles.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious file. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check KEYENCE advisory for specific fixed versions
Vendor Advisory: https://www.keyence.com/kv_vulnerability2509301/
Restart Required: Yes
Instructions:
1. Review KEYENCE advisory JVNVU97069449
2. Download and install updated software versions from KEYENCE support portal
3. Restart affected systems after installation
4. Validate fix by testing with known safe project files
🔧 Temporary Workarounds
Restrict File Processing
windowsImplement strict controls on which files can be opened in KV STUDIO software
User Awareness Training
allTrain engineers and operators to only open trusted project files from verified sources
🧯 If You Can't Patch
- Isolate affected systems from untrusted networks and implement strict air-gapping
- Implement application whitelisting to prevent execution of unauthorized code
🔍 How to Verify
Check if Vulnerable:
Check installed version of KV STUDIO software against KEYENCE advisory. Systems running affected versions are vulnerable.Check Version:
Check version through KV STUDIO Help > About menu or Windows Programs and FeaturesVerify Fix Applied:
Verify software version matches or exceeds the patched version specified in KEYENCE advisory📡 Detection & Monitoring
Log Indicators:
- Unexpected process crashes of KV STUDIO
- Unusual file access patterns to project files
- Creation of unexpected child processes from KV STUDIO
Network Indicators:
- Unusual network connections originating from engineering workstations
- File transfers to/from KV STUDIO systems from untrusted sources
SIEM Query:
Process creation where parent_process contains 'kvstudio' AND (process_name contains 'cmd' OR process_name contains 'powershell' OR process_name contains unusual_executable)