CVE-2025-11465 is a use-after-free vulnerability classified under CWE-416 affecting Ashlar-Vellum Cobalt, specifically version 1204.97. The vulnerability occurs during the parsing of CO files, a proprietary file format used by the software. The root cause is the failure to validate the existence of an object before performing operations on it, leading to a use-after-free condition. This memory corruption flaw can be exploited by a remote attacker who convinces a user to open a maliciously crafted CO file or visit a malicious webpage that triggers the parsing process. Successful exploitation allows the attacker to execute arbitrary code with the privileges of the current user running the application. The vulnerability has a CVSS 3.0 base score of 7.8, indicating high severity, with an attack vector classified as local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), meaning an attacker could fully compromise the affected system. No patches or exploits are currently publicly available, but the vulnerability was publicly disclosed on October 29, 2025, and was initially reserved on October 7, 2025. The vulnerability was reported by the Zero Day Initiative (ZDI) under the identifier ZDI-CAN-26631.

For European organizations, the impact of CVE-2025-11465 can be significant, especially for those in industries relying on Ashlar-Vellum Cobalt for design, engineering, and manufacturing workflows. Exploitation could lead to arbitrary code execution, allowing attackers to steal sensitive intellectual property, disrupt design processes, or deploy ransomware and other malware. The high impact on confidentiality, integrity, and availability means that critical design files and systems could be compromised or destroyed. Given that exploitation requires user interaction, phishing or social engineering campaigns could be used to target employees. The disruption could affect supply chains and product development cycles, causing financial and reputational damage. Additionally, compromised systems could be used as footholds for lateral movement within corporate networks, increasing the risk of broader enterprise compromise.

Organizations should implement the following specific mitigations: 1) Immediately restrict the opening of CO files from untrusted or unknown sources and educate users about the risks of opening files from unverified origins. 2) Employ application whitelisting and sandboxing techniques to limit the execution context of Ashlar-Vellum Cobalt, reducing the impact of potential exploitation. 3) Monitor network and endpoint logs for unusual behavior related to Ashlar-Vellum Cobalt processes, such as unexpected child processes or network connections. 4) Implement strict email filtering and phishing awareness training to reduce the likelihood of users opening malicious files. 5) Coordinate with Ashlar-Vellum for timely patch deployment once a fix is released; in the meantime, consider disabling or limiting CO file parsing features if feasible. 6) Use endpoint detection and response (EDR) tools to detect exploitation attempts and respond rapidly. 7) Maintain regular backups of critical design files and verify their integrity to enable recovery in case of compromise.