Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

CVE-2025-7981: CWE-457: Use of Uninitialized Variable in Ashlar-Vellum Graphite

High
VulnerabilityCVE-2025-7981cvecve-2025-7981cwe-457
Published: Wed Sep 17 2025 (09/17/2025, 20:51:40 UTC)
Source: CVE Database V5
Vendor/Project: Ashlar-Vellum
Product: Graphite

Description

Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25475.

Technical Details

Data Version
5.1
Assigner Short Name
zdi
Date Reserved
2025-07-21T19:49:26.041Z
Cvss Version
3.0
State
PUBLISHED

Threat ID: 68cb20e8c138e352740b9f32

Added to database: 9/17/2025, 8:58:16 PM

Last updated: 9/17/2025, 8:58:16 PM

Views: 1

Related Threats

CVE-2025-8006: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt

High
VulnerabilityWed Sep 17 2025

CVE-2025-8005: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Ashlar-Vellum Cobalt

High
VulnerabilityWed Sep 17 2025

CVE-2025-8004: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt

High
VulnerabilityWed Sep 17 2025

CVE-2025-8003: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt

High
VulnerabilityWed Sep 17 2025

CVE-2025-8002: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Ashlar-Vellum Cobalt

High
VulnerabilityWed Sep 17 2025

Actions

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats