CVE-2025-7990: CWE-787: Out-of-bounds Write in Ashlar-Vellum Cobalt
Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25944.
AI Analysis
Technical Summary
CVE-2025-7990 is a high-severity vulnerability classified as CWE-787 (Out-of-bounds Write) affecting Ashlar-Vellum Cobalt version 12 SP1. The vulnerability arises from improper validation of user-supplied data during the parsing of VC6 files, which leads to a write operation beyond the allocated memory boundary. This memory corruption flaw can be exploited by an attacker to execute arbitrary code remotely within the context of the vulnerable process. Exploitation requires user interaction, specifically the victim opening a maliciously crafted VC6 file or visiting a malicious webpage that triggers the vulnerable file parsing. The vulnerability does not require prior authentication and has a CVSS 3.0 base score of 7.8, indicating high severity with high impact on confidentiality, integrity, and availability. The flaw was identified and assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-25944 and publicly disclosed in September 2025. No public exploits are currently known in the wild, but the potential for remote code execution makes this a critical risk for affected environments. The vulnerability affects a specialized CAD software product, Ashlar-Vellum Cobalt, which is used for design and modeling tasks, meaning that exploitation could lead to compromise of design intellectual property, disruption of engineering workflows, and potential lateral movement within corporate networks if leveraged by attackers.
Potential Impact
For European organizations using Ashlar-Vellum Cobalt 12 SP1, this vulnerability poses significant risks. Successful exploitation can lead to full compromise of the affected workstation or server, allowing attackers to execute arbitrary code, steal sensitive design data, or disrupt critical engineering operations. This is particularly impactful for industries reliant on CAD software such as manufacturing, automotive, aerospace, and architecture sectors prevalent in Europe. Confidentiality breaches could expose proprietary designs or trade secrets, while integrity violations could corrupt design files leading to costly errors or safety issues. Availability impacts could halt production or design cycles, causing financial and reputational damage. Given the requirement for user interaction, phishing or social engineering campaigns targeting European employees could be an effective attack vector. The lack of known exploits in the wild currently reduces immediate risk, but the high severity and potential impact warrant urgent attention to prevent future exploitation.
Mitigation Recommendations
Organizations should implement a multi-layered mitigation approach. First, they must monitor Ashlar-Vellum's official channels for patches or updates addressing CVE-2025-7990 and apply them promptly once available. In the absence of patches, restrict or disable the opening of untrusted VC6 files, especially from email attachments or unverified sources. Employ endpoint protection solutions capable of detecting anomalous behavior related to memory corruption or suspicious file parsing activities. Educate users about the risks of opening files from unknown or untrusted origins and implement strict email filtering to block potentially malicious attachments. Network segmentation can limit the spread of compromise from affected hosts. Additionally, consider application whitelisting and sandboxing techniques to contain the execution context of Ashlar-Vellum Cobalt. Regular backups of design files should be maintained to recover from potential data corruption or ransomware attacks stemming from exploitation.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-07-21T19:49:59.408Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 68cb20e9c138e352740b9f6b
Added to database: 9/17/2025, 8:58:17 PM
Last enriched: 9/17/2025, 9:05:40 PM
Last updated: 9/19/2025, 3:30:00 PM