CVE-2025-7982 is a high-severity remote code execution vulnerability affecting Ashlar-Vellum Cobalt version 1204.96. The vulnerability stems from an integer overflow (CWE-190) in the parsing of LI files, which are presumably part of the application's file format or import functionality. Specifically, the flaw arises due to insufficient validation of user-supplied data during the parsing process. When the application processes crafted LI files, the integer overflow can cause an incorrect buffer size allocation, leading to a buffer overflow condition. This memory corruption can be exploited by attackers to execute arbitrary code within the context of the vulnerable process. Exploitation requires user interaction, such as opening a malicious LI file or visiting a malicious webpage that triggers the file parsing. The CVSS v3.0 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required, but user interaction is necessary. No public exploits are currently known in the wild. The vulnerability was reported by the Zero Day Initiative (ZDI) under identifier ZDI-CAN-25476 and published in September 2025. No patches or fixes have been linked yet, indicating that affected users should prioritize mitigation and monitoring until an official update is released.

For European organizations using Ashlar-Vellum Cobalt, particularly in industries relying on CAD or design software where LI files are common, this vulnerability poses a significant risk. Successful exploitation could lead to full system compromise, data theft, or disruption of critical design workflows. Since the vulnerability allows arbitrary code execution, attackers could deploy malware, ransomware, or establish persistent access. The requirement for user interaction means phishing or social engineering campaigns could be effective attack vectors. Confidentiality of sensitive design data and intellectual property could be severely impacted, with potential regulatory consequences under GDPR if personal or sensitive data is involved. Operational disruption could affect manufacturing, engineering, or architectural projects, leading to financial losses and reputational damage.

Organizations should immediately implement strict controls around the handling of LI files, including disabling automatic opening or previewing of such files in Ashlar-Vellum Cobalt until a patch is available. Employ application whitelisting and sandboxing techniques to isolate the Cobalt application and limit the impact of potential exploitation. Enhance email and web filtering to block or flag suspicious LI files or links leading to malicious content. Conduct user awareness training focused on the risks of opening unsolicited or unexpected files. Monitor system and application logs for unusual behavior indicative of exploitation attempts. If possible, restrict Cobalt usage to trusted networks and users, and maintain up-to-date backups of critical data to enable recovery. Engage with Ashlar-Vellum for timely updates and apply patches as soon as they are released.