CVE-2025-7986: CWE-787: Out-of-bounds Write in Ashlar-Vellum Graphite
Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25755.
AI Analysis
Technical Summary
CVE-2025-7986 is a high-severity remote code execution vulnerability affecting Ashlar-Vellum Graphite version 13.0. The vulnerability arises from an out-of-bounds write condition (CWE-787) during the parsing of VC6 files. Specifically, the software fails to properly validate user-supplied data within these files, leading to a write operation beyond the allocated buffer boundaries. This memory corruption flaw can be exploited by an attacker to execute arbitrary code within the context of the current process. Exploitation requires user interaction, such as opening a maliciously crafted VC6 file or visiting a malicious webpage that triggers the vulnerable file parsing. The vulnerability has a CVSS 3.0 base score of 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no public exploits are currently known in the wild, the nature of the flaw and its potential for remote code execution make it a significant threat. The vulnerability was identified and assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-25755 and publicly disclosed in September 2025. No official patches or mitigations have been published yet, increasing the urgency for affected users to implement interim protective measures.
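The advisory describes the bug class, an out-of-bounds write from an unvalidated length in a file parser, without publishing details of the VC6 format. The following is an added illustration of that class and is not code from this page, from Ashlar-Vellum, or from the real VC6 parser: a hypothetical length-prefixed record parser in C showing the unchecked pattern that produces a CWE-787 write beside a checked version that validates the declared length against both the destination capacity and the bytes actually present. The record layout, NAME_MAX, the function names and the sample inputs are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout, constructed for illustration (NOT the real VC6 format):
 *   bytes 0..1 : little-endian uint16 payload length
 *   bytes 2..  : payload
 * The parser copies the payload into a fixed-size field of NAME_MAX bytes. */
#define NAME_MAX 16

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_TOO_LONG = 2 };

static uint16_t read_u16le(const uint8_t *p) {
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Vulnerable pattern (CWE-787): the length read from the file is trusted and used
 * as the copy size without comparing it to the destination capacity or to the
 * input size. A declared length above NAME_MAX writes past the end of `out`. */
static size_t read_record_unchecked(const uint8_t *data, size_t len, char out[NAME_MAX]) {
    (void)len;                          /* the input size is never consulted */
    uint16_t n = read_u16le(data);
    memcpy(out, data + 2, n);           /* no bound on n: out-of-bounds write */
    return n;
}

/* Hardened version: every value derived from the file is checked before it is
 * used as a size or an offset. */
static enum parse_status read_record_checked(const uint8_t *data, size_t len,
                                             char out[NAME_MAX], size_t *out_len) {
    if (len < 2)
        return PARSE_TRUNCATED;         /* the header itself is incomplete */
    uint16_t n = read_u16le(data);
    if (n > NAME_MAX)
        return PARSE_TOO_LONG;          /* declared length vs destination capacity */
    if ((size_t)n > len - 2)
        return PARSE_TRUNCATED;         /* declared length vs bytes actually present */
    memcpy(out, data + 2, n);
    *out_len = n;
    return PARSE_OK;
}

/* Constructed sample inputs. */
static const uint8_t SAMPLE_GOOD[]      = { 0x05, 0x00, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t SAMPLE_OVERSIZED[] = { 0x40, 0x00, 'x', 'x', 'x' };  /* declares 64 bytes */
static const uint8_t SAMPLE_TRUNCATED[] = { 0x0A, 0x00, 'a', 'b', 'c' };  /* declares 10, has 3 */

/* Runs the checked parser over a sample and returns its status. */
static int check_sample(const uint8_t *data, size_t len) {
    char field[NAME_MAX];
    size_t n = 0;
    return (int)read_record_checked(data, len, field, &n);
}

/* Returns the payload length the checked parser accepted from SAMPLE_GOOD,
 * or -1 if parsing failed or the copied bytes are not the expected payload. */
static int good_payload_len(void) {
    char field[NAME_MAX];
    size_t n = 0;
    if (read_record_checked(SAMPLE_GOOD, sizeof SAMPLE_GOOD, field, &n) != PARSE_OK)
        return -1;
    return memcmp(field, "hello", 5) == 0 ? (int)n : -1;
}

int main(void) {
    char field[NAME_MAX];
    /* The unchecked parser is only safe here because SAMPLE_GOOD is well-formed. */
    size_t copied = read_record_unchecked(SAMPLE_GOOD, sizeof SAMPLE_GOOD, field);
    printf("unchecked parser copied %zu bytes from valid input\n", copied);
    printf("checked: good=%d oversized=%d truncated=%d\n",
           check_sample(SAMPLE_GOOD, sizeof SAMPLE_GOOD),
           check_sample(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED),
           check_sample(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    return 0;
}
```

The two checks in the hardened parser are distinct: the capacity check protects the destination buffer (the write-side bug the advisory describes), while the availability check protects against reading past the end of the input. A parser that performs only one of them is still exploitable on the other side.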
Potential Impact
For European organizations using Ashlar-Vellum Graphite 13.0, this vulnerability poses a critical risk. Successful exploitation could allow attackers to execute arbitrary code remotely, potentially leading to full system compromise, data theft, or disruption of business operations. Given that Graphite is a CAD/CAM software used in design, engineering, and manufacturing sectors, exploitation could jeopardize intellectual property, disrupt production workflows, and impact supply chains. The requirement for user interaction means phishing or social engineering campaigns could be leveraged to deliver malicious VC6 files or lure users to malicious sites. This increases the risk in environments where users frequently exchange design files or access external resources. Confidentiality, integrity, and availability of critical design data and systems are all at risk, which could have downstream effects on product development and operational continuity. Additionally, the current absence of known exploits does not preclude rapid weaponization, especially given the high severity and ease of exploitation. Organizations in Europe with manufacturing, engineering, or design operations relying on Ashlar-Vellum Graphite should prioritize assessment and mitigation to prevent potential breaches.
Mitigation Recommendations
1. Immediate mitigation should include restricting the opening of VC6 files from untrusted or external sources until a patch is available.
2. Implement strict email and file filtering to block or quarantine suspicious VC6 files and attachments.
3. Educate users about the risks of opening files from unknown or untrusted origins, emphasizing caution with VC6 files.
4. Employ application whitelisting to limit execution of unauthorized or unexpected processes that could be spawned by exploitation.
5. Use endpoint detection and response (EDR) solutions to monitor for anomalous behavior indicative of exploitation attempts, such as unexpected memory writes or process injections.
6. Network segmentation can limit the lateral movement potential if a system is compromised.
7. Regularly back up critical design data and verify backup integrity to enable recovery in case of compromise.
8. Monitor vendor communications closely for official patches or updates and apply them promptly once available.
9. Consider deploying sandboxing or isolated environments for opening VC6 files to contain potential exploits.
10. Review and tighten user privileges to minimize the impact scope if exploitation occurs.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Sweden, Belgium, Spain, Poland, Czech Republic
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-07-21T19:49:44.573Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 68cb20e8c138e352740b9f43
Added to database: 9/17/2025, 8:58:16 PM
Last enriched: 9/17/2025, 8:58:26 PM
Last updated: 9/17/2025, 8:58:26 PM
Related Threats
CVE-2025-8006: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt (High)
CVE-2025-8005: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Ashlar-Vellum Cobalt (High)
CVE-2025-8004: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt (High)
CVE-2025-8003: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt (High)
CVE-2025-8002: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Ashlar-Vellum Cobalt (High)