CVE-2025-7977 is a high-severity vulnerability affecting Ashlar-Vellum Cobalt version 1204.91, specifically in the parsing of LI files. The vulnerability is classified as an out-of-bounds read (CWE-125), where improper validation of user-supplied data leads to reading memory before the start of an allocated buffer. This memory corruption flaw can be exploited by remote attackers to execute arbitrary code within the context of the vulnerable process. Exploitation requires user interaction, such as opening a malicious LI file or visiting a crafted webpage that triggers the vulnerable parser. The vulnerability allows attackers to compromise confidentiality, integrity, and availability by executing code remotely without prior authentication. The CVSS v3.0 score is 7.8 (high), reflecting the ease of exploitation (low complexity), no privileges required, but user interaction is necessary. No known exploits are currently reported in the wild, but the potential for remote code execution makes this a critical concern for affected users. The vulnerability was assigned by the Zero Day Initiative (ZDI) and publicly disclosed in September 2025. The lack of a patch at the time of disclosure increases the urgency for mitigation and risk management.

For European organizations using Ashlar-Vellum Cobalt 1204.91, this vulnerability poses a significant risk. Ashlar-Vellum Cobalt is a CAD and design software used in engineering, manufacturing, and architectural sectors, which are critical industries in Europe. Successful exploitation could lead to unauthorized code execution, enabling attackers to steal intellectual property, disrupt design workflows, implant malware, or pivot within networks. The requirement for user interaction means phishing or social engineering campaigns could be effective attack vectors. Given the high confidentiality and integrity impact, organizations could face data breaches, loss of proprietary designs, and operational downtime. This is particularly concerning for European companies involved in high-value manufacturing and infrastructure projects, where design data is sensitive. The absence of known exploits currently provides a window for proactive defense, but the vulnerability’s nature means it could be weaponized rapidly once exploit code is developed.

Immediate mitigation steps include: 1) Restricting the opening of LI files from untrusted or unknown sources to prevent accidental exploitation. 2) Implementing strict email and web filtering to block malicious attachments and URLs that could deliver crafted LI files. 3) Employing endpoint security solutions capable of detecting anomalous behavior related to file parsing or code execution in Ashlar-Vellum Cobalt processes. 4) Educating users about the risks of opening unsolicited files and visiting untrusted websites, emphasizing the need for caution with LI files. 5) Monitoring vendor communications closely for patches or updates addressing this vulnerability and applying them promptly once available. 6) Utilizing application whitelisting and sandboxing techniques to limit the impact of potential exploitation. 7) Conducting network segmentation to isolate critical design and engineering systems, reducing lateral movement opportunities for attackers.