CVE-2025-7991 is a high-severity vulnerability affecting Ashlar-Vellum Cobalt version 12 SP1, specifically within its VC6 file parsing functionality. The root cause is an out-of-bounds read (CWE-125) due to improper validation of user-supplied data when parsing VC6 files. This flaw allows an attacker to read beyond the allocated memory buffer, which can lead to remote code execution (RCE) in the context of the current process. Exploitation requires user interaction, such as opening a maliciously crafted VC6 file or visiting a malicious webpage that triggers the vulnerable parsing routine. The vulnerability does not require prior authentication and has a CVSS 3.0 base score of 7.8, indicating high severity. The attack vector is local (AV:L), meaning the attacker must have local access or trick the user into opening a malicious file. The vulnerability impacts confidentiality, integrity, and availability, as arbitrary code execution can lead to full system compromise. No known exploits are currently reported in the wild, but the presence of this vulnerability in a specialized CAD software product used for design and modeling poses a significant risk if weaponized. The vulnerability was assigned by ZDI (Zero Day Initiative) and is publicly disclosed as of September 2025. No patches or mitigations have been linked yet, so affected users should be vigilant and consider defensive measures.

For European organizations, especially those in engineering, manufacturing, architecture, and design sectors that rely on Ashlar-Vellum Cobalt for CAD and modeling tasks, this vulnerability presents a critical risk. Successful exploitation could allow attackers to execute arbitrary code, potentially leading to theft of intellectual property, disruption of design workflows, and compromise of sensitive project data. Given the nature of the software, targeted attacks could result in sabotage or espionage against high-value industrial or infrastructure projects. The requirement for user interaction means phishing or social engineering campaigns could be used to deliver malicious files. The impact extends beyond individual workstations, as compromised machines could serve as footholds for lateral movement within corporate networks, threatening broader organizational security. Confidentiality breaches could expose proprietary designs, while integrity violations could corrupt critical design files, causing costly delays or safety risks. Availability could also be affected if attackers deploy ransomware or destructive payloads post-exploitation.

1. Immediate mitigation should include restricting the opening of VC6 files from untrusted or unknown sources. 2. Implement strict email filtering and user training to reduce the risk of phishing attacks delivering malicious VC6 files. 3. Employ application whitelisting and sandboxing techniques to limit the execution context of Ashlar-Vellum Cobalt, preventing arbitrary code execution from escalating privileges or affecting other system components. 4. Monitor network and endpoint logs for unusual behavior related to file parsing or unexpected process activity from Ashlar-Vellum Cobalt. 5. Coordinate with Ashlar-Vellum for timely patch deployment once available; in the meantime, consider disabling or limiting the use of vulnerable features if feasible. 6. Use endpoint detection and response (EDR) solutions to detect exploitation attempts and respond rapidly. 7. Maintain regular backups of critical design files and ensure backup integrity to recover from potential ransomware or data corruption attacks.