CVE-2025-0412: 
Homebrew vulnerability analysis and mitigation

CVE-2025-0412 is a remote code execution vulnerability in Luxion KeyShot Viewer discovered in January 2025. The vulnerability exists within the processing of KSP files and allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file (ZDI Advisory).

The vulnerability stems from the lack of proper validation of user-supplied data during KSP file processing, which can result in a memory corruption condition. The issue has been assigned a CVSS v3.0 base score of 7.8 (HIGH) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (NVD).

A successful exploitation of this vulnerability allows attackers to execute arbitrary code in the context of the current process. This could potentially lead to complete system compromise with the privileges of the affected application (ZDI Advisory).

Luxion has issued an update to correct this vulnerability. Users are advised to apply the security update available at the vendor's security advisory (ZDI Advisory).