CVE-2025-9274
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-02

Last updated on: 2025-09-15

Assigner: Zero Day Initiative

Description
Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oxford Instruments Imaris Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IMS files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21657.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-02
Last Modified
2025-09-15
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9274
EUVD
EUVD-2025-26438
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oxinst imaris_viewer 10.0.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-824 The product accesses or uses a pointer that has not been initialized.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a remote code execution flaw in Oxford Instruments Imaris Viewer related to the IMS file parsing component. It occurs because an uninitialized pointer is accessed during parsing, which can be exploited by an attacker if a user opens a malicious file or visits a malicious webpage. Exploiting this flaw allows the attacker to execute arbitrary code within the context of the current process. [1]

Impact Analysis

If exploited, this vulnerability can allow an attacker to execute arbitrary code on your system with the privileges of the Imaris Viewer process. This can lead to full compromise of confidentiality, integrity, and availability of data and system resources accessible by the application, potentially resulting in data theft, corruption, or denial of service. [1]

Mitigation Strategies

The primary mitigation recommended is to restrict user interaction with the affected Oxford Instruments Imaris Viewer product, as exploitation requires user interaction with a malicious file or webpage. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9274. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart