CVE-2025-65084

9.8 CRITICAL

📋 TL;DR

An Out-of-Bounds Write vulnerability in Ashlar-Vellum CAD software allows attackers to execute arbitrary code or disclose sensitive information by sending specially crafted files. This affects users of Cobalt, Xenon, Argon, Lithium, and Cobalt Share products. The high CVSS score indicates critical severity requiring immediate attention.

💻 Affected Systems

Products:
  • Ashlar-Vellum Cobalt
  • Ashlar-Vellum Xenon
  • Ashlar-Vellum Argon
  • Ashlar-Vellum Lithium
  • Ashlar-Vellum Cobalt Share
Versions: 12.6.1204.207 and prior
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations running affected versions are vulnerable when processing CAD files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with remote code execution leading to data theft, ransomware deployment, or lateral movement within networks.

🟠 Likely Case

Malicious actors deliver weaponized CAD files via phishing to execute code on victim systems, potentially stealing intellectual property or installing malware.

🟢 If Mitigated

With proper network segmentation and file validation, impact is limited to isolated systems without critical data access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction to open a malicious file, but no authentication is needed once the file is processed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 12.6.1204.208 or later

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-01

Restart Required: Yes

Instructions:

1. Download the latest version from the Ashlar-Vellum website.
2. Back up the current installation.
3. Run the installer with administrative privileges.
4. Restart the system after installation completes.

🔧 Temporary Workarounds

File Validation Filter (all platforms)

Implement file validation to block suspicious CAD files at the network perimeter.

Application Control (Windows)

Restrict execution of Ashlar-Vellum software to trusted users only.

🧯 If You Can't Patch

  • Isolate affected systems from critical networks and internet access
  • Implement strict file upload/download policies and user training against opening untrusted CAD files

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Ashlar-Vellum software and verify version is 12.6.1204.207 or earlier.

Check Version:

Not applicable - check via application GUI

Verify Fix Applied:

Confirm version is 12.6.1204.208 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unusual file processing activity in application logs

Network Indicators:

  • Unexpected outbound connections from CAD software
  • Large CAD file transfers from untrusted sources

SIEM Query:

(EventID=1000 OR EventID=1001) AND (ProcessName contains 'Ashlar' OR ProcessName contains 'Vellum')
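The intent of the query above is "a crash event (1000 or 1001) whose process name contains either product string". The following added example (not part of the original advisory) applies that logic with explicit grouping to constructed events and shows what the same terms alert on without grouping. The process names are hypothetical placeholders, and the ungrouped behaviour assumes an engine where AND binds tighter than OR and a bare term is a free-text search.

```python
# Added example: constructed events, hypothetical process names.
CRASH_EVENT_IDS = {1000, 1001}        # Application Error, Windows Error Reporting
NAME_MARKERS = ("ashlar", "vellum")   # substrings taken from the page's query

# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    {"EventID": 1000, "ProcessName": "AshlarCadExample.exe",
     "Message": "Exception code: 0xc0000005"},
    {"EventID": 1001, "ProcessName": "vellum-example.exe",
     "Message": "Fault bucket, type 0"},
    {"EventID": 1000, "ProcessName": "chrome.exe",
     "Message": "Exception code: 0xc0000005"},
    {"EventID": 4688, "ProcessName": "explorer.exe",
     "Message": "Opened C:\\docs\\vellum-notes.txt"},
    {"EventID": 1001, "ProcessName": "winword.exe",
     "Message": "Fault bucket, type 0"},
]


def grouped_match(event):
    """(EventID is 1000 or 1001) AND (process name contains either marker)."""
    name = event.get("ProcessName", "").lower()
    return (event.get("EventID") in CRASH_EVENT_IDS
            and any(marker in name for marker in NAME_MARKERS))


def ungrouped_match(event):
    """Same terms, no parentheses: AND evaluated before OR, and the bare
    'Vellum' term matched against the whole event (assumed engine behaviour)."""
    name = event.get("ProcessName", "").lower()
    text = " ".join(str(value) for value in event.values()).lower()
    return (event.get("EventID") == 1000
            or (event.get("EventID") == 1001 and "ashlar" in name)
            or "vellum" in text)


def triage(events):
    """Return (intended hits, events only the ungrouped form alerts on)."""
    hits = [e for e in events if grouped_match(e)]
    noise = [e for e in events if ungrouped_match(e) and not grouped_match(e)]
    return hits, noise


if __name__ == "__main__":
    hits, noise = triage(SAMPLE_EVENTS)
    print("intended hits:", [e["ProcessName"] for e in hits])
    print("ungrouped-only alerts:", [e["ProcessName"] for e in noise])
```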
