CVE-2025-41392

Summary

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Affected Software

VendorProductVersion RangeStatus
Ashlar-VellumCobalt0 < 12.6.1204.204affected
Ashlar-VellumXenon0 < 12.6.1204.204affected
Ashlar-VellumArgon0 < 12.6.1204.204affected
Ashlar-VellumLithium0 < 12.6.1204.204affected
Ashlar-VellumCobalt Share0 < 12.6.1204.204affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References