ZDI-25-173: (0Day) Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-2530.

USN-7367-1: zvbi vulnerabilities

It was discovered that zvbi incorrectly handled memory when processing user input. An attacker could possibly use this issue to...

March 24, 2025

augeas-1.14.2-0.4.20250324git4dffa3d.fc40

FEDORA-2025-31036092ea Packages in this update: augeas-1.14.2-0.4.20250324git4dffa3d.fc40 Update description: CVE-2025-2588 Read More

March 24, 2025

augeas-1.14.2-0.4.20250324git4dffa3d.fc41

FEDORA-2025-117fe4c81f Packages in this update: augeas-1.14.2-0.4.20250324git4dffa3d.fc41 Update description: CVE-2025-2588 Read More

March 24, 2025

augeas-1.14.2-0.4.20250324git4dffa3d.fc42

FEDORA-2025-6b5c54bd05 Packages in this update: augeas-1.14.2-0.4.20250324git4dffa3d.fc42 Update description: CVE-2025-2588 Read More

March 24, 2025

USN-7365-1: NLTK vulnerabilities

It was discovered that NLTK contained a regex that is susceptible to catastrophic backtracking. An attacker could possibly use this...

March 24, 2025

uriparser-0.9.8-2.el8

FEDORA-EPEL-2025-1f39c6fc05 Packages in this update: uriparser-0.9.8-2.el8 Update description: Update to uriparser-0.9.8. Read More

March 23, 2025

VanHelsingRaaS Expands Rapidly in Cybercrime Market

Ukraine Railway Systems Hit by Targeted Cyber-Attack

Authorities Seize 1842 Devices in Africa’s Cybercrime Crackdown

DeepSeek: A New Player in the Global AI Race

California AG Reminds 23andMe Customers of Data Deletion Rights Amid Bankruptcy Filing

More Countries are Demanding Back-Doors to Encrypted Apps

Teen Boys at Risk of Sextortion as 74% Lack Basic Awareness

Google Account Hijackers Target Victims Via Semrush Ads

The Power of Simplicity: Why LevelBlue’s Partner Program Makes Cybersecurity Easier for MSPs and MSSPs

ZDI-25-173: (0Day) Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability

USN-7367-1: zvbi vulnerabilities

augeas-1.14.2-0.4.20250324git4dffa3d.fc40

augeas-1.14.2-0.4.20250324git4dffa3d.fc41

augeas-1.14.2-0.4.20250324git4dffa3d.fc42

USN-7365-1: NLTK vulnerabilities

uriparser-0.9.8-2.el8