CVE-2025-7977: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt
Ashlar-Vellum Cobalt LI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LI files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25354.
AI Analysis
Technical Summary
CVE-2025-7977 is a high-severity vulnerability affecting Ashlar-Vellum Cobalt version 1204.91, specifically in the parsing of LI files. The vulnerability is classified as an out-of-bounds read (CWE-125): improper validation of user-supplied data lets the parser read memory before the start of an allocated buffer. This memory-safety flaw can be exploited to execute arbitrary code within the context of the current process. Exploitation requires user interaction, such as opening a malicious LI file or visiting a crafted webpage that triggers the vulnerable parser. A successful exploit compromises confidentiality, integrity, and availability without prior authentication. The CVSS v3.0 base score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H): the attack vector is local because the victim must open the crafted file, attack complexity is low, no privileges are required, user interaction is required, scope is unchanged, and the impact on confidentiality, integrity, and availability is high. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability was reserved in July 2025 and published in September 2025 by ZDI (ZDI-CAN-25354).
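The flaw class described above is a back-reference or offset taken from the file and subtracted from the current position without checking that it stays inside the buffer. The following is an added example, not code from the page, ZDI or Ashlar-Vellum: the LI format is not described anywhere here, so the record layout (u16 back_offset, u8 length) is constructed purely to show the check a parser needs before following such an offset.

```c
#include <stddef.h>
#include <stdint.h>

/* Outcome of validating one back-reference record. */
enum li_rc { LI_OK = 0, LI_TRUNCATED = 1, LI_UNDERFLOW = 2, LI_OVERFLOW = 3 };

/* Constructed record layout (hypothetical, NOT the real LI format):
 *   u16 little-endian back_offset, then u8 length, meaning
 *   "copy `length` bytes starting `back_offset` bytes before this record".
 * `cursor` is the index of the record inside `buf`; `buf_len` is the allocation.
 * On LI_OK, *src/*len describe a range guaranteed to lie inside buf[0, cursor). */
enum li_rc li_backref_check(const uint8_t *buf, size_t buf_len, size_t cursor,
                            const uint8_t **src, size_t *len)
{
    /* The 3-byte header itself must fit inside the buffer. */
    if (cursor > buf_len || buf_len - cursor < 3)
        return LI_TRUNCATED;

    size_t back_offset = (size_t)buf[cursor] | ((size_t)buf[cursor + 1] << 8);
    size_t length      = buf[cursor + 2];

    /* CWE-125 as on this page: an unchecked parser computes buf + cursor - back_offset
     * and reads from it; when back_offset > cursor that pointer is before buf. */
    if (back_offset > cursor)
        return LI_UNDERFLOW;

    /* The referenced range must also end at or before the current record. */
    if (length > back_offset)
        return LI_OVERFLOW;

    *src = buf + (cursor - back_offset);
    *len = length;
    return LI_OK;
}

/* Constructed sample records (not real LI data) used for the self-check below. */
static const uint8_t sample_ok[]        = { 'A', 'B', 'C', 'D', 0x02, 0x00, 0x02 };
static const uint8_t sample_underflow[] = { 'A', 'B',           0x05, 0x00, 0x01 };
static const uint8_t sample_overflow[]  = { 'A', 'B',           0x02, 0x00, 0x03 };

enum li_rc li_check_sample(const uint8_t *buf, size_t buf_len, size_t cursor)
{
    const uint8_t *src; size_t len;
    return li_backref_check(buf, buf_len, cursor, &src, &len);
}

/* First referenced byte of an accepted record, or -1 if the record was rejected. */
int li_first_ref_byte(const uint8_t *buf, size_t buf_len, size_t cursor)
{
    const uint8_t *src; size_t len;
    if (li_backref_check(buf, buf_len, cursor, &src, &len) != LI_OK || len == 0)
        return -1;
    return src[0];
}
```

The underflow branch is the one that matters for this CVE: without it, a two-byte offset larger than the bytes already consumed turns into a pointer before the allocation.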
Potential Impact
For European organizations using Ashlar-Vellum Cobalt 1204.91, this vulnerability poses a significant risk. Remote code execution through crafted LI files or malicious web content can lead to full system compromise, data theft, or disruption of critical design workflows. Because Ashlar-Vellum Cobalt is CAD software used in the engineering, architecture, and manufacturing sectors, exploitation could result in intellectual property theft, sabotage of design files, or operational downtime. Since user interaction is required, phishing or social engineering campaigns are the likely delivery path. The high impact on confidentiality, integrity, and availability could affect sensitive projects and critical infrastructure development within European industries, potentially causing financial and reputational damage.
Mitigation Recommendations
European organizations should implement the following specific mitigations:
1) Restrict the use of Ashlar-Vellum Cobalt 1204.91 to trusted environments and limit exposure to untrusted LI files or web content.
2) Employ application whitelisting and sandboxing techniques to contain the execution context of Ashlar-Vellum Cobalt, preventing arbitrary code execution from impacting the broader system.
3) Educate users on the risks of opening files from unverified sources and implement strict email and web filtering to block malicious attachments or links.
4) Monitor network and endpoint behavior for anomalies indicative of exploitation attempts, such as unexpected process spawning or memory access violations.
5) Coordinate with Ashlar-Vellum for timely patch deployment once available and consider temporarily disabling LI file parsing features if feasible.
6) Use endpoint detection and response (EDR) solutions to detect and respond to suspicious activities related to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Czech Republic
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-07-21T19:49:07.609Z
- CVSS Version: 3.0
- State: PUBLISHED
Added to database: 9/17/2025, 8:58:16 PM
Last enriched: 9/17/2025, 9:00:17 PM
Last updated: 9/18/2025, 12:41:12 PM