
CVE-2025-7982: CWE-190: Integer Overflow or Wraparound in Ashlar-Vellum Cobalt

Severity: High
Tags: Vulnerability, CVE-2025-7982, cve, cve-2025-7982, cwe-190
Published: Wed Sep 17 2025 (09/17/2025, 20:51:24 UTC)
Source: CVE Database V5
Vendor/Project: Ashlar-Vellum
Product: Cobalt

Description

Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25476.

AI-Powered Analysis

Last updated: 09/17/2025, 20:59:12 UTC

Technical Analysis

CVE-2025-7982 is a high-severity remote code execution vulnerability affecting Ashlar-Vellum Cobalt version 1204.96. The flaw arises from an integer overflow in the parsing of LI files, a proprietary file format used by the software. Specifically, user-supplied data is not properly validated during parsing, so a size calculation can overflow before a buffer is allocated. The resulting buffer size is miscalculated, enabling an attacker to overwrite memory and execute arbitrary code within the context of the vulnerable process. Exploitation requires user interaction, such as opening a malicious LI file or visiting a crafted webpage that triggers the parsing routine.

The CVSS v3.0 score is 7.8: impact on confidentiality, integrity, and availability is high, attack complexity is low, and no privileges are required, but user interaction is necessary. The vulnerability was identified and assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-25476. No public exploits are currently known in the wild, and no official patches have been released yet. However, the nature of the vulnerability (an integer overflow leading to remote code execution) makes it a critical risk for users of Ashlar-Vellum Cobalt, particularly in environments where untrusted files may be received or opened. Given the software’s use in design and CAD workflows, exploitation could lead to significant operational disruption and potential data compromise.
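The class of bug described above (CWE-190 in a size calculation that feeds an allocation), shown as an added example that is not Ashlar-Vellum code. The `rec_hdr` layout, the function names and the `MAX_RECORD_BYTES` cap are hypothetical; the advisory does not describe the LI format. The unchecked 32-bit product sits beside a widened, bounded calculation that rejects the same header.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record header, NOT the real LI layout (the advisory gives none). */
struct rec_hdr { uint32_t count; uint32_t elem_size; };

/* Assumed policy cap on a single record; tune to the format's real limits. */
#define MAX_RECORD_BYTES (64u * 1024u * 1024u)

/* Flawed pattern: the 32-bit product wraps modulo 2^32, so the size used for
   allocation can be far smaller than the element count the file claims. */
uint32_t unchecked_size(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Hardened: widen before multiplying, then bound by the cap and by the bytes
   actually left in the input. Returns 0 and sets *out, or -1 to reject. */
int checked_size(uint32_t count, uint32_t elem_size, size_t remaining, size_t *out) {
    uint64_t total = (uint64_t)count * elem_size;   /* cannot overflow 64 bits */
    if (total == 0 || total > MAX_RECORD_BYTES || total > remaining) return -1;
    *out = (size_t)total;
    return 0;
}

/* Reads one record (header in host byte order, then payload) from buf.
   Returns a malloc'd copy of the payload, or NULL if the header is rejected. */
uint8_t *read_record(const uint8_t *buf, size_t len, size_t *out_len) {
    struct rec_hdr h;
    size_t n;
    if (len < sizeof h) return NULL;
    memcpy(&h, buf, sizeof h);
    if (checked_size(h.count, h.elem_size, len - sizeof h, &n) != 0) return NULL;
    uint8_t *p = malloc(n);
    if (p == NULL) return NULL;
    memcpy(p, buf + sizeof h, n);
    *out_len = n;
    return p;
}

int main(void) {
    /* Constructed header values: 0x10000001 * 16 = 0x100000010, which wraps to 16. */
    size_t n = 0;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(0x10000001u, 16u));
    printf("checked:   %s\n", checked_size(0x10000001u, 16u, 1024, &n) ? "rejected" : "accepted");
    return 0;
}
```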

Potential Impact

For European organizations using Ashlar-Vellum Cobalt, this vulnerability poses a significant risk. Successful exploitation could allow attackers to execute arbitrary code remotely, potentially leading to full system compromise. This could result in theft or manipulation of sensitive design data, intellectual property loss, and disruption of critical engineering or manufacturing workflows. The requirement for user interaction means phishing or social engineering could be vectors, increasing the risk in organizations with less mature security awareness. Additionally, compromised systems could be used as footholds for lateral movement within corporate networks, escalating the threat to broader IT infrastructure. The confidentiality, integrity, and availability of critical design files and related systems are at risk, which could have downstream effects on product development cycles and compliance with data protection regulations such as GDPR if personal or sensitive data is involved. The lack of a patch at present increases exposure, making timely mitigation essential.

Mitigation Recommendations

1. Implement strict file handling policies: Restrict the opening of LI files to trusted sources only and educate users about the risks of opening files from unknown or untrusted origins.
2. Employ network-level protections: Use email and web filtering solutions to block or quarantine suspicious LI files and malicious URLs that could deliver exploit payloads.
3. Apply application whitelisting and sandboxing: Run Ashlar-Vellum Cobalt within controlled environments to limit the impact of potential exploitation.
4. Monitor and log application behavior: Deploy endpoint detection and response (EDR) tools to detect anomalous activities indicative of exploitation attempts.
5. Maintain up-to-date backups: Ensure regular backups of critical design data to enable recovery in case of compromise.
6. Engage with vendor support: Monitor Ashlar-Vellum’s communications for patches or updates addressing this vulnerability and apply them promptly once available.
7. Conduct targeted user training: Raise awareness about the specific risks associated with opening unsolicited or unexpected LI files.
8. Consider network segmentation: Isolate systems running Ashlar-Vellum Cobalt to reduce potential lateral movement if compromised.


Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2025-07-21T19:49:30.385Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 68cb20e8c138e352740b9f35

Added to database: 9/17/2025, 8:58:16 PM

Last enriched: 9/17/2025, 8:59:12 PM

Last updated: 9/19/2025, 3:30:00 PM
