CVE-2025-7980: CWE-787: Out-of-bounds Write in Ashlar-Vellum Graphite
Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25465.
AI Analysis
Technical Summary
CVE-2025-7980 is a high-severity remote code execution vulnerability affecting Ashlar-Vellum Graphite version 13_SE_13048. The vulnerability arises from an out-of-bounds write condition (CWE-787) in the parsing of VC6 files, which are presumably project or design files handled by the Graphite software. Specifically, the flaw is due to improper validation of user-supplied data during the VC6 file parsing process, allowing an attacker to write beyond the allocated buffer boundaries. This memory corruption can be exploited to execute arbitrary code within the context of the current process. Exploitation requires user interaction, such as opening a maliciously crafted VC6 file or visiting a malicious webpage that triggers the file parsing. The CVSS v3.0 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity, no privileges required, but user interaction necessary. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved in July 2025 and published in September 2025, indicating recent discovery. The affected product, Ashlar-Vellum Graphite, is CAD/design software used in technical and engineering fields, which makes this vulnerability particularly critical in environments where such files are exchanged or processed. The lack of proper input validation in file parsing is a common vector for remote code execution, and this vulnerability fits that pattern, allowing attackers to potentially compromise systems by tricking users into opening malicious files or visiting malicious sites hosting such files.
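The defect class described above, shown as an added illustration that is not Graphite's own code: a length-prefixed record parser that trusts the length field from the file (the CWE-787 pattern) beside the checked form that validates it before any write. The record layout and the MAX_PAYLOAD capacity are assumptions made for this example; the real VC6 format is not documented in the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed record layout for illustration only (the real VC6 format is not
 * described in the advisory): a 2-byte little-endian payload length followed
 * by that many payload bytes, copied into a fixed 64-byte buffer. */
#define MAX_PAYLOAD 64
struct record { uint8_t payload[MAX_PAYLOAD]; size_t len; };

static uint16_t read_u16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* CWE-787 pattern: the declared length is trusted, so a value larger than
 * MAX_PAYLOAD makes memcpy write past the end of rec->payload. Contrast only. */
int parse_record_unchecked(const uint8_t *buf, size_t buflen, struct record *rec) {
    if (buflen < 2) return -1;
    uint16_t declared = read_u16le(buf);
    memcpy(rec->payload, buf + 2, declared);          /* no bounds check */
    rec->len = declared;
    return 0;
}

/* Hardened form: validate the declared length against the destination
 * capacity and against the bytes actually present before performing any write. */
int parse_record_checked(const uint8_t *buf, size_t buflen, struct record *rec) {
    if (buflen < 2) return -1;                        /* header missing */
    uint16_t declared = read_u16le(buf);
    if (declared > MAX_PAYLOAD) return -2;            /* would overflow payload */
    if ((size_t)declared > buflen - 2) return -3;     /* file is truncated */
    memcpy(rec->payload, buf + 2, declared);
    rec->len = declared;
    return 0;
}

/* Constructed sample inputs (not real VC6 data). */
const uint8_t SAMPLE_GOOD[]      = { 0x03, 0x00, 'a', 'b', 'c' };
const uint8_t SAMPLE_OVERSIZED[] = { 0xFF, 0xFF, 'x' };   /* claims 65535 bytes */
const uint8_t SAMPLE_TRUNCATED[] = { 0x10, 0x00, 'a' };   /* claims 16, holds 1 */

int main(void) {
    struct record r;
    printf("good: %d\n", parse_record_checked(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &r));
    printf("oversized: %d\n", parse_record_checked(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED, &r));
    printf("truncated: %d\n", parse_record_checked(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &r));
    return 0;
}
```

The checked parser rejects the oversized and truncated samples before touching memory, which is the validation step the advisory says the VC6 parser lacks.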
Potential Impact
For European organizations, the impact of CVE-2025-7980 can be significant, especially for those in engineering, manufacturing, architecture, and design sectors that rely on Ashlar-Vellum Graphite for CAD and design workflows. Successful exploitation could lead to full system compromise, data theft, or disruption of critical design processes. Confidentiality is at risk as attackers could access sensitive design files and intellectual property. Integrity is compromised because attackers could alter design files or software behavior. Availability is also threatened if attackers deploy ransomware or destructive payloads. Given the user interaction requirement, phishing or social engineering campaigns could be used to deliver malicious VC6 files. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate it, especially as attackers often develop exploits rapidly after disclosure. The lack of a patch at the time of publication means organizations must rely on mitigations until an official fix is released. This vulnerability could also be leveraged as a foothold in targeted attacks against high-value European industrial and engineering firms, potentially impacting supply chains and critical infrastructure projects.
Mitigation Recommendations
European organizations should implement the following specific mitigations:
1) Restrict or monitor the receipt and opening of VC6 files from untrusted sources, including email attachments and downloads.
2) Employ application whitelisting and sandboxing to limit the execution context of Ashlar-Vellum Graphite and isolate it from sensitive system components.
3) Use endpoint detection and response (EDR) tools to monitor for anomalous behavior indicative of exploitation attempts, such as unexpected memory writes or process injections.
4) Educate users on the risks of opening files from unknown or suspicious origins, emphasizing the need for caution with VC6 files.
5) Segment networks to limit the potential for lateral movement if a system is compromised.
6) Regularly check for and apply vendor patches or updates once available.
7) Implement strict file scanning policies with advanced malware detection on mail gateways and file servers to detect malicious VC6 files.
8) Consider disabling or restricting the use of Ashlar-Vellum Graphite in environments where it is not essential until a patch is available.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Sweden, Belgium, Spain, Poland, Czech Republic
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-07-21T19:49:22.413Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 68cb20e8c138e352740b9f2f
Added to database: 9/17/2025, 8:58:16 PM
Last enriched: 9/25/2025, 12:41:32 AM
Last updated: 11/2/2025, 9:03:33 PM