CVE-2025-52584

Summary

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Affected Software

VendorProductVersion RangeStatus
Ashlar-VellumCobalt0 < 12.6.1204.204affected
Ashlar-VellumXenon0 < 12.6.1204.204affected
Ashlar-VellumArgon0 < 12.6.1204.204affected
Ashlar-VellumLithium0 < 12.6.1204.204affected
Ashlar-VellumCobalt Share0 < 12.6.1204.204affected

Weaknesses

  • CWE-122: CWE-122 Heap-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References