CVE-2025-7992: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt
Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25972.
AI Analysis
Technical Summary
CVE-2025-7992 is a high-severity vulnerability affecting Ashlar-Vellum Cobalt version 12 SP1, specifically in the AR file parsing component. The root cause is an out-of-bounds read (CWE-125) due to improper validation of user-supplied data when parsing AR files. This flaw allows an attacker to read beyond the allocated memory buffer, which can lead to remote code execution (RCE) within the context of the current process. Exploitation requires user interaction, such as opening a maliciously crafted AR file or visiting a malicious webpage that triggers the vulnerable parser. The vulnerability does not require prior authentication and has a CVSS 3.0 base score of 7.8, indicating high severity. The attack vector is local (AV:L): the parser is not reachable over the network, so the attacker must get a crafted file or link onto the system and rely on the user opening it, but no privileges are required (PR:N). The vulnerability impacts confidentiality, integrity, and availability (all rated high), as arbitrary code execution can lead to full compromise of the affected system. No known exploits are currently reported in the wild, and no patches have been linked yet. This vulnerability was assigned by the Zero Day Initiative (ZDI) under ZDI-CAN-25972 and publicly disclosed in September 2025.
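The validation the summary says is missing, shown as an added C example that is not Cobalt's code: the record layout is constructed and hypothetical (the page does not describe the real AR format), and every header and payload read is checked against the bytes remaining before the pointer is handed out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical record layout (constructed for this example, not the real Cobalt AR
 * format): 1-byte tag, 4-byte little-endian payload length, then the payload. */
struct record { uint8_t tag; uint32_t len; const uint8_t *data; };

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse records from buf. Returns the record count, or -1 if any header or declared
 * payload length would run past the end of the buffer. Each check compares against
 * the bytes *remaining*, so an attacker-chosen length cannot wrap pos + len. */
int parse_records(const uint8_t *buf, size_t buf_len, struct record *out, int max_out) {
    size_t pos = 0;
    int n = 0;
    while (pos < buf_len) {
        if (n >= max_out) return -1;                 /* caller's output array is full */
        if (buf_len - pos < 5) return -1;            /* header would be read out of bounds */
        uint32_t len = read_le32(buf + pos + 1);
        if (len > buf_len - pos - 5) return -1;      /* the check a CWE-125 parser omits */
        out[n].tag = buf[pos];
        out[n].len = len;
        out[n].data = buf + pos + 5;                 /* only now is this pointer safe to read */
        n++;
        pos += 5 + (size_t)len;
    }
    return n;
}

/* Constructed sample files: one well-formed, one with a payload length far larger than
 * the file, one cut off mid-payload. */
static const uint8_t GOOD[]      = { 0x01, 3, 0, 0, 0, 'a', 'b', 'c', 0x02, 0, 0, 0, 0 };
static const uint8_t OVERSIZED[] = { 0x01, 0xff, 0xff, 0xff, 0x7f, 'a', 'b', 'c' };
static const uint8_t TRUNCATED[] = { 0x01, 3, 0, 0, 0, 'a' };

int parse_good(void)      { struct record r[8]; return parse_records(GOOD, sizeof GOOD, r, 8); }
int parse_oversized(void) { struct record r[8]; return parse_records(OVERSIZED, sizeof OVERSIZED, r, 8); }
int parse_truncated(void) { struct record r[8]; return parse_records(TRUNCATED, sizeof TRUNCATED, r, 8); }

/* Returns 1 when the well-formed sample decodes to the expected two records. */
int good_records_match(void) {
    struct record r[8];
    if (parse_records(GOOD, sizeof GOOD, r, 8) != 2) return 0;
    return r[0].tag == 0x01 && r[0].len == 3 && memcmp(r[0].data, "abc", 3) == 0 &&
           r[1].tag == 0x02 && r[1].len == 0;
}
```

The oversized and truncated samples are rejected before any payload byte is touched, which is the behaviour a parser needs to avoid the read past the end of the allocated structure described above.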
Potential Impact
For European organizations using Ashlar-Vellum Cobalt 12 SP1, this vulnerability poses a significant risk. Successful exploitation could allow attackers to execute arbitrary code remotely, potentially leading to data theft, system compromise, or disruption of critical design and engineering workflows. Given that Ashlar-Vellum Cobalt is specialized CAD software, organizations in sectors such as manufacturing, engineering, architecture, and product design are particularly at risk. Compromise of these systems could result in intellectual property theft, sabotage of design files, and operational downtime. The requirement for user interaction means phishing or social engineering campaigns could be effective attack vectors, increasing the risk in environments with less stringent user awareness training. The high impact on confidentiality, integrity, and availability underscores the critical nature of this vulnerability for organizations relying on this software for sensitive or mission-critical design processes.
Mitigation Recommendations
Organizations should immediately identify and inventory all installations of Ashlar-Vellum Cobalt 12 SP1 within their environment. Until a vendor patch is available, implement strict controls on the handling of AR files, including disabling automatic opening or previewing of AR files in email clients and browsers. Employ application whitelisting and sandboxing techniques to isolate the Cobalt application and limit the impact of potential exploitation. Enhance user awareness training focused on recognizing phishing attempts and suspicious files, emphasizing the risks of opening unsolicited AR files. Network segmentation can reduce exposure by limiting access to systems running the vulnerable software. Monitor logs and endpoint detection systems for unusual activity related to the Cobalt process. Once a patch is released, prioritize immediate deployment. Additionally, consider implementing file integrity monitoring on critical design files to detect unauthorized modifications.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Sweden, Belgium, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-07-21T19:50:05.861Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 68cb20e9c138e352740b9f71
Added to database: 9/17/2025, 8:58:17 PM
Last enriched: 9/25/2025, 12:50:02 AM
Last updated: 10/30/2025, 10:00:18 AM