
CVE-2025-7989: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt

High
Type: Vulnerability | Tags: CVE-2025-7989, cwe-125
Published: Wed Sep 17 2025 (09/17/2025, 20:52:06 UTC)
Source: CVE Database V5
Vendor/Project: Ashlar-Vellum
Product: Cobalt

Description

Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25943.

AI-Powered Analysis

AI analysis last updated: 09/17/2025, 21:05:53 UTC

Technical Analysis

CVE-2025-7989 is a high-severity vulnerability in Ashlar-Vellum Cobalt version 12 SP1, located in its AR file parsing functionality. The root cause is an out-of-bounds read (CWE-125): the parser does not properly validate user-supplied data in an AR file, so a crafted file can make it read past the end of an allocated data structure. The disclosure states that this can be leveraged to execute arbitrary code in the context of the current process.

Exploitation requires user interaction, such as opening a maliciously crafted AR file or visiting a malicious webpage that causes the vulnerable parser to run. No prior authentication is needed. The CVSS 3.0 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability. The attack vector is local (AV:L): the attacker must either have local access or induce the user to open a malicious file locally, but no privileges are required (PR:N).

The vulnerability was publicly disclosed on September 17, 2025, and is tracked as ZDI-CAN-25943 by the Zero Day Initiative. No exploitation in the wild has been reported, and no patch had been linked at the time of disclosure. The risk is significant because successful exploitation yields arbitrary code execution with the privileges of the user running Cobalt 12 SP1, which can be enough to take control of the affected system.

Potential Impact

For European organizations using Ashlar-Vellum Cobalt 12 SP1, this vulnerability could have severe consequences. Ashlar-Vellum Cobalt is a CAD software used in design, engineering, and manufacturing sectors, which are critical industries in Europe. Exploitation could lead to unauthorized access to sensitive intellectual property, disruption of design workflows, and potential sabotage of engineering projects. The ability to execute arbitrary code remotely could also allow attackers to deploy malware, ransomware, or establish persistent footholds within corporate networks. Given the requirement for user interaction, phishing or social engineering campaigns could be leveraged to trick employees into opening malicious files. This risk is particularly acute for organizations with less mature cybersecurity awareness or insufficient endpoint protections. The confidentiality, integrity, and availability of design data and systems could be compromised, impacting business continuity and competitive advantage.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Immediately restrict the use of Ashlar-Vellum Cobalt 12 SP1 to trusted sources and environments until a vendor patch is available.
2) Implement strict email and web filtering to block or quarantine suspicious AR files and links that could deliver malicious payloads.
3) Educate users about the risks of opening unsolicited or unexpected files, especially AR files, and reinforce phishing awareness training.
4) Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor and block anomalous behaviors indicative of exploitation attempts.
5) Use sandboxing technologies to open AR files in isolated environments before allowing access on production systems.
6) Maintain regular backups of critical design data to enable recovery in case of compromise.
7) Monitor vendor communications closely for patches or updates and apply them promptly once available.
8) Consider network segmentation to limit the spread of potential infections from compromised endpoints running Ashlar-Vellum Cobalt.


Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2025-07-21T19:49:55.798Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 68cb20e9c138e352740b9f68

Added to database: 9/17/2025, 8:58:17 PM

Last enriched: 9/17/2025, 9:05:53 PM

Last updated: 9/19/2025, 3:30:00 PM
