CVE-2025-65085

Description

A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code.

CVSS breakdown

CVSS 4.0

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

Active

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

Ashlar-Vellum / Argon0 – 12.6.1204.216
Ashlar-Vellum / Cobalt0 – 12.6.1204.216
Ashlar-Vellum / Cobalt Share0 – 12.6.1204.216
Ashlar-Vellum / Lithium0 – 12.6.1204.216
Ashlar-Vellum / Xenon0 – 12.6.1204.216

References

VENDOR_ADVISORYhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-329-01