CVE-2025-11464 is a heap-based buffer overflow vulnerability identified in Ashlar-Vellum Cobalt version 1204.97, specifically within the parsing logic of CO files. The vulnerability stems from inadequate validation of the length of user-supplied data before copying it into a heap-allocated buffer. This flaw allows an attacker to overflow the buffer, corrupting adjacent memory and enabling arbitrary code execution within the context of the vulnerable process. Exploitation requires user interaction, such as opening a crafted malicious CO file or visiting a malicious webpage that triggers the file parsing. The vulnerability is classified under CWE-122 (Heap-based Buffer Overflow) and has a CVSS 3.0 base score of 7.8, reflecting high severity. The attack vector is local (AV:L) but can be triggered remotely if the user opens a malicious file received via email or downloaded from the internet. The attack complexity is low (AC:L), no privileges are required (PR:N), but user interaction is necessary (UI:R). Successful exploitation compromises confidentiality, integrity, and availability by allowing arbitrary code execution, potentially leading to full system compromise. No patches or mitigations are currently published, and no known exploits are reported in the wild. The vulnerability was reserved and published in October 2025 by the Zero Day Initiative (ZDI) under ZDI-CAN-26628.

For European organizations, this vulnerability poses a significant risk, particularly for those using Ashlar-Vellum Cobalt in engineering, design, and manufacturing workflows. Exploitation could lead to unauthorized code execution, data theft, or disruption of critical design processes, impacting intellectual property confidentiality and operational continuity. The requirement for user interaction means phishing or social engineering could be leveraged to deliver malicious CO files. The high severity and potential for full system compromise make this a critical concern for sectors reliant on CAD software, including automotive, aerospace, and industrial design companies prevalent in Europe. Disruption or compromise could affect supply chains and innovation pipelines, with potential regulatory and reputational consequences under GDPR and other data protection frameworks.

Organizations should implement strict controls on file handling, including disabling automatic opening of CO files from untrusted sources and educating users about the risks of opening unsolicited files. Network-level defenses such as email filtering and sandboxing of attachments can reduce exposure. Until a vendor patch is released, consider isolating Ashlar-Vellum Cobalt installations in segmented environments with limited internet access. Employ application whitelisting and endpoint detection and response (EDR) tools to monitor for anomalous behavior indicative of exploitation attempts. Regular backups and incident response plans should be updated to address potential compromise scenarios. Engage with the vendor for timely patch deployment once available and monitor threat intelligence feeds for emerging exploit activity.