CVE-2025-53705

Summary

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing CO files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Affected Software

VendorProductVersion RangeStatus
Ashlar-VellumCobalt0 < 12.6.1204.204affected
Ashlar-VellumXenon0 < 12.6.1204.204affected
Ashlar-VellumArgon0 < 12.6.1204.204affected
Ashlar-VellumLithium0 < 12.6.1204.204affected
Ashlar-VellumCobalt Share0 < 12.6.1204.204affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References