CVE-2025-65085

9.8 CRITICAL

📋 TL;DR

A heap-based buffer overflow vulnerability in Ashlar-Vellum CAD software allows attackers to read sensitive memory or execute arbitrary code by sending specially crafted data. This affects users of Cobalt, Xenon, Argon, Lithium, and Cobalt Share products. The high CVSS score indicates critical severity requiring immediate attention.

💻 Affected Systems

Products:
  • Ashlar-Vellum Cobalt
  • Ashlar-Vellum Xenon
  • Ashlar-Vellum Argon
  • Ashlar-Vellum Lithium
  • Ashlar-Vellum Cobalt Share
Versions: 12.6.1204.207 and prior
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations running affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with remote code execution leading to data theft, ransomware deployment, or lateral movement across networks.

🟠 Likely Case

Information disclosure of sensitive memory contents or application crashes causing denial of service.

🟢 If Mitigated

Limited impact with proper network segmentation and exploit prevention controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Heap buffer overflows (CWE-122) typically have low exploitation complexity once a proof of concept becomes available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 12.6.1205 or later

Vendor Advisory: https://www.ashlar.com/security-advisory

Restart Required: Yes

Instructions:

1. Download latest version from Ashlar-Vellum support portal
2. Backup current installation and data
3. Run installer with administrative privileges
4. Restart system after installation completes

🔧 Temporary Workarounds

Network Segmentation

Platform: all

Isolate affected systems from untrusted networks and internet access

Application Whitelisting

Platform: windows

Restrict execution of Ashlar-Vellum processes to authorized users only

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Deploy endpoint protection with exploit prevention capabilities

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Ashlar-Vellum application for version number

Check Version:

Not applicable - check via application GUI

Verify Fix Applied:

Verify version is 12.6.1205 or higher in Help > About

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unusual process creation from Ashlar-Vellum executables

Network Indicators:

  • Unexpected network connections from CAD software
  • Malformed data packets to Ashlar-Vellum services

SIEM Query:

Process Creation where (Image contains 'cobalt' OR Image contains 'xenon' OR Image contains 'argon' OR Image contains 'lithium') AND CommandLine contains unusual parameters
