Vulnerability in Luxion Keyshot
CVE-2025-1047
Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is requ…
EPSS: 0.003 (20.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Luxion Keyshot — versions 2024 13.0.0 Build 92 4.10.171
Weakness classification (CWE)
Public proof-of-concept exploits
References
- zdi-disclosures@trendmicro.com (x_research-advisory, Third Party Advisory)
- zdi-disclosures@trendmicro.com (vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2025-1047?
- CVE-2025-1047 is a high-severity vulnerability in Luxion Keyshot, classified under Access of Uninitialized Pointer. CVSS score: 7.8/10. Published 2025-04-23.
- How severe is CVE-2025-1047?
- High severity. CVSS v3 base score is 7.8 out of 10.
- Is CVE-2025-1047 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.