CVE-2025-7989 is a high-severity vulnerability identified in Ashlar-Vellum's Cobalt software, specifically version 12 SP1. The vulnerability is classified as a CWE-125: Out-of-bounds Read, occurring during the parsing of AR files, a file format used by the application. The root cause is insufficient validation of user-supplied data, which leads to reading beyond the allocated memory buffer. This memory corruption can be exploited by remote attackers to execute arbitrary code within the context of the current process. Exploitation requires user interaction, such as opening a maliciously crafted AR file or visiting a malicious webpage that triggers the vulnerable parsing routine. The CVSS v3.0 base score is 7.8, indicating a high severity level, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:R). The impact on confidentiality, integrity, and availability is rated high, meaning successful exploitation can lead to full system compromise. Although no known exploits are currently reported in the wild, the vulnerability was publicly disclosed on September 17, 2025, and tracked under ZDI-CAN-25943. The lack of a patch link suggests that a fix may not yet be available, increasing the urgency for mitigation. Given the nature of the vulnerability, attackers could craft malicious AR files to target users of Ashlar-Vellum Cobalt, potentially leading to remote code execution and system takeover.

For European organizations using Ashlar-Vellum Cobalt 12 SP1, this vulnerability poses a significant risk. The ability for remote code execution means attackers can gain unauthorized access, potentially leading to data breaches, intellectual property theft, or disruption of critical design workflows. Organizations in sectors such as manufacturing, engineering, and design—where Ashlar-Vellum Cobalt is commonly used—could face operational downtime and reputational damage. Since exploitation requires user interaction, phishing campaigns or malicious file distribution could be effective attack vectors. The high impact on confidentiality, integrity, and availability means sensitive design data could be exposed or altered, and systems could be rendered inoperable. The absence of known exploits in the wild currently provides a window for proactive defense, but the public disclosure increases the risk of rapid exploit development. European organizations must consider the potential cascading effects on supply chains and client projects, especially where design data is critical.

Given the lack of an official patch at the time of disclosure, European organizations should implement immediate compensating controls. These include: 1) Restricting the opening of AR files to trusted sources only and educating users about the risks of opening unsolicited or suspicious files. 2) Employing application whitelisting and sandboxing techniques to isolate Ashlar-Vellum Cobalt processes, limiting the impact of potential exploitation. 3) Monitoring network and endpoint logs for unusual activity related to the Cobalt application, such as unexpected file accesses or process behaviors. 4) Implementing strict email filtering and attachment scanning to block malicious AR files from reaching end users. 5) Preparing incident response plans specifically for potential exploitation scenarios involving this vulnerability. Once a vendor patch is released, prioritize immediate testing and deployment. Additionally, consider virtual patching via intrusion prevention systems that can detect and block malformed AR file parsing attempts. Regularly update threat intelligence feeds for any emerging exploit indicators related to CVE-2025-7989.