CVE-2025-61691 – VT STUDIO versions 8.53 and prior contain an ou... (How to Fix)

Q: What is the severity of CVE-2025-61691?

CVE-2025-61691 has a CVSS score of 7.8 (HIGH). VT STUDIO versions 8.53 and prior contain an out-of-bounds read vulnerability that can lead to arbitrary code execution when processing specially crafted files. This affects users of VT STUDIO software up to version 8.53. Attackers could exploit this to gain control of affected systems.

📋 TL;DR

VT STUDIO versions 8.53 and prior contain an out-of-bounds read vulnerability that can lead to arbitrary code execution when processing specially crafted files. This affects users of VT STUDIO software up to version 8.53. Attackers could exploit this to gain control of affected systems.

💻 Affected Systems

Products:

VT STUDIO

Versions: 8.53 and prior

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is triggered when processing specially crafted files through the VT STUDIO application.

📦 What is this software?

Vt Studio by Keyence

View all CVEs affecting Vt Studio →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining complete control over the affected VT STUDIO installation and potentially the underlying operating system.

🟠

Likely Case

Remote code execution leading to data theft, malware deployment, or system disruption when users open malicious files.

🟢

If Mitigated

Limited impact with proper file validation and user education preventing malicious file processing.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.54 or later

Vendor Advisory: https://www.keyence.com/vt_vulnerability250930

Restart Required: Yes

Instructions:

1. Download VT STUDIO version 8.54 or later from Keyence official website. 2. Install the update following vendor instructions. 3. Restart the system to complete installation.

🔧 Temporary Workarounds

Restrict file processing

windows

Configure VT STUDIO to only process files from trusted sources and implement file type restrictions.

User education and access controls

all

Train users to avoid opening untrusted files and restrict application permissions.

🧯 If You Can't Patch

Isolate VT STUDIO systems from critical networks and implement strict network segmentation
Deploy application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check VT STUDIO version in Help > About menu. If version is 8.53 or earlier, system is vulnerable.

Check Version:

Not applicable - check through application GUI

Verify Fix Applied:

Verify version shows 8.54 or later in Help > About menu after update installation.

📡 Detection & Monitoring

Log Indicators:

Unusual file processing errors in VT STUDIO logs
Unexpected process creation from VT STUDIO executable

Network Indicators:

Unusual outbound connections from VT STUDIO systems
File transfers to/from VT STUDIO systems

SIEM Query:

Process Creation where Image contains 'vtstudio' AND ParentImage not in (expected_parent_processes)

📊 Metadata

CVE ID: CVE-2025-61691

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-125

EPSS Score: 0.03% exploit probability (6.3th percentile)

Published: October 2, 2025

Last Updated: October 7, 2025

🔗 References

https://jvn.jp/en/vu/JVNVU97069449/ Third Party Advisory
https://www.keyence.com/vt_vulnerability250930 Mitigation,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-61691, you might also want to check these: