CVE-2025-9274
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-09-15
Assigner: Zero Day Initiative
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oxinst | imaris_viewer | 10.0.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-824 | The product accesses or uses a pointer that has not been initialized. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a remote code execution flaw in Oxford Instruments Imaris Viewer related to the IMS file parsing component. It occurs because an uninitialized pointer is accessed during parsing, which can be exploited by an attacker if a user opens a malicious file or visits a malicious webpage. Exploiting this flaw allows the attacker to execute arbitrary code within the context of the current process. [1]
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to execute arbitrary code on your system with the privileges of the Imaris Viewer process. This can lead to full compromise of confidentiality, integrity, and availability of data and system resources accessible by the application, potentially resulting in data theft, corruption, or denial of service. [1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation recommended is to restrict user interaction with the affected Oxford Instruments Imaris Viewer product, as exploitation requires user interaction with a malicious file or webpage. [1]