CVE-2025-7991: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt
Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25945.
AI Analysis
Technical Summary
CVE-2025-7991 is a high-severity vulnerability affecting Ashlar-Vellum Cobalt version 12 SP1, specifically within its VC6 file parsing functionality. The vulnerability is classified as an out-of-bounds read (CWE-125), which occurs due to improper validation of user-supplied data when parsing VC6 files. This flaw allows an attacker to read beyond the allocated memory buffer, potentially leading to remote code execution (RCE) in the context of the current process. Exploitation requires user interaction, such as opening a maliciously crafted VC6 file or visiting a malicious web page that triggers the file parsing. The vulnerability does not require prior authentication or elevated privileges, making it accessible to remote attackers. The CVSS v3.0 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity but requiring user interaction. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk due to the ability to execute arbitrary code remotely, which could lead to full system compromise or lateral movement within a network. The vulnerability was identified and assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-25945 and publicly disclosed in September 2025. No official patches or mitigations have been linked yet, increasing the urgency for organizations to apply compensating controls.
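As an added illustration (not the page's code, not Ashlar-Vellum's, and not the real VC6 layout), a constructed tag/length/payload chunk format shows the CWE-125 pattern the advisory describes: a parser that trusts a length field read from the file, beside one that checks every read against the bytes remaining and rejects a crafted length before any read leaves the buffer.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed chunk layout for illustration only (NOT the real VC6 format,
 * NOT Cobalt's code):  tag(1 byte) | len(2 bytes, little-endian) | payload[len] */

#define PARSE_OK         0
#define PARSE_TRUNCATED -1   /* a length field claims more bytes than remain */

/* Vulnerable pattern: len comes straight from the file and is never compared
 * with the bytes actually present, so a crafted len walks past the buffer
 * (CWE-125). Kept for contrast; only ever called on the well-formed sample. */
uint32_t sum_chunk_unchecked(const uint8_t *buf) {
    uint16_t len = (uint16_t)(buf[1] | (buf[2] << 8));
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += buf[3 + i];                 /* out-of-bounds read if len > remaining */
    return sum;
}

/* Hardened parser: every header and payload read is checked against buflen.
 * On success writes the chunk count and payload byte sum and returns PARSE_OK. */
int parse_chunks_checked(const uint8_t *buf, size_t buflen,
                         size_t *chunks_out, uint32_t *sum_out) {
    size_t pos = 0, chunks = 0;
    uint32_t sum = 0;
    while (pos < buflen) {
        if (buflen - pos < 3)              /* header must fit */
            return PARSE_TRUNCATED;
        uint16_t len = (uint16_t)(buf[pos + 1] | (buf[pos + 2] << 8));
        if (len > buflen - pos - 3)        /* payload must fit: the check the unsafe version lacks */
            return PARSE_TRUNCATED;
        for (size_t i = 0; i < len; i++)
            sum += buf[pos + 3 + i];
        pos += 3 + (size_t)len;
        chunks++;
    }
    *chunks_out = chunks;
    *sum_out = sum;
    return PARSE_OK;
}

/* Constructed samples: GOOD holds two chunks; BAD's second chunk claims 0xFFFF payload bytes. */
const uint8_t SAMPLE_GOOD[] = { 0x01, 0x02, 0x00, 0x10, 0x20,   0x02, 0x01, 0x00, 0x30 };
const uint8_t SAMPLE_BAD[]  = { 0x01, 0x02, 0x00, 0x10, 0x20,   0x02, 0xFF, 0xFF, 0x30 };
```

On SAMPLE_BAD the checked parser returns PARSE_TRUNCATED at the second chunk's header, which is the point where the unchecked version would begin reading beyond the file data.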
Potential Impact
For European organizations, the impact of CVE-2025-7991 can be substantial, especially for those relying on Ashlar-Vellum Cobalt 12 SP1 for CAD or design workflows. Successful exploitation could lead to unauthorized disclosure of sensitive design data, intellectual property theft, and potential disruption of critical design operations. The ability to execute arbitrary code remotely could allow attackers to deploy malware, ransomware, or establish persistent footholds within corporate networks. This is particularly concerning for industries such as manufacturing, aerospace, automotive, and engineering sectors prevalent in Europe, where design integrity and confidentiality are paramount. Additionally, compromised systems could serve as pivot points for broader attacks against enterprise infrastructure. The requirement for user interaction means that phishing or social engineering campaigns could be leveraged to facilitate exploitation, increasing the risk profile for organizations with less mature security awareness programs.
Mitigation Recommendations
Given the absence of an official patch, European organizations should implement the following specific mitigations:
1) Restrict the opening of VC6 files from untrusted or external sources by enforcing strict file handling policies and sandboxing the application environment.
2) Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor and block suspicious behaviors associated with Ashlar-Vellum Cobalt processes.
3) Enhance user training to recognize and avoid opening suspicious files or links, reducing the likelihood of successful social engineering.
4) Utilize network segmentation to isolate systems running Ashlar-Vellum Cobalt from critical infrastructure to limit lateral movement in case of compromise.
5) Monitor logs and network traffic for anomalies related to file parsing or unexpected process executions.
6) Engage with the vendor for timely updates and apply patches immediately upon release.
7) Consider deploying virtualized or containerized environments for running vulnerable software to contain potential exploitation.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Czech Republic
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-07-21T19:50:02.378Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 68cb20e9c138e352740b9f6e
Added to database: 9/17/2025, 8:58:17 PM
Last enriched: 9/17/2025, 9:05:30 PM
Last updated: 9/19/2025, 12:08:57 AM