1. EXECUTIVE SUMMARY
- CVSS v4 8.4
- ATTENTION: Low attack complexity
- Vendor: Ashlar-Vellum
- Equipment: Cobalt, Xenon, Argon, Lithium, Cobalt Share
- Vulnerabilities: Out-of-Bounds Write, Heap-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Ashlar-Vellum products are affected:
- Cobalt: Versions 12.6.1204.207 and prior
- Xenon: Versions 12.6.1204.207 and prior
- Argon: Versions 12.6.1204.207 and prior
- Lithium: Versions 12.6.1204.207 and prior
- Cobalt Share: Versions 12.6.1204.207 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS WRITE CWE-787
An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code.
CVE-2025-65084 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-65084. A base score of 8.4 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.2.2 HEAP-BAS
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from All CISA Advisories
Read the original article:
Read the original article: