
CVE-2025-7993: CWE-416: Use After Free in Ashlar-Vellum Cobalt

Severity: High
Tags: Vulnerability, CVE-2025-7993, cve, cve-2025-7993, cwe-416
Published: Wed Sep 17 2025 (09/17/2025, 20:53:54 UTC)
Source: CVE Database V5
Vendor/Project: Ashlar-Vellum
Product: Cobalt

Description

Ashlar-Vellum Cobalt LI File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LI files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25355.

AI-Powered Analysis

Last updated: 09/25/2025, 00:45:52 UTC

Technical Analysis

CVE-2025-7993 is a high-severity use-after-free vulnerability (CWE-416) found in Ashlar-Vellum Cobalt version 1204.91, specifically within the parsing of LI files. The vulnerability arises because the software fails to validate the existence of an object before performing operations on it, leading to a use-after-free condition. The flaw can be exploited remotely by an attacker who can convince a user to open a malicious LI file or visit a malicious page containing such a file. Successful exploitation allows the attacker to execute arbitrary code within the context of the current process, potentially leading to full compromise of the affected system. The CVSS 3.0 score is 7.8, indicating high severity with high impact on confidentiality, integrity, and availability. The attack vector is local (AV:L) because the malicious file is parsed on the victim's machine, no privileges are required (PR:N), and user interaction is necessary (UI:R): the victim must actively open or interact with the malicious content. No known exploits are currently reported in the wild, but the vulnerability has been publicly disclosed and the CVE was assigned by ZDI (ZDI-CAN-25355).
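
The missing existence check described above, illustrated on a constructed toy record stream. This is an added example, not Ashlar-Vellum code and not the LI format; the opcodes, slot table and function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed toy record stream, NOT the LI format: two bytes per record,
 * an opcode ('C' create, 'D' delete, 'U' use) and a slot index. */
#define SLOTS 4
typedef struct { int value; } obj_t;

/* Vulnerable pattern, for contrast only (never called here): 'D' frees the
 * object but leaves the stale pointer in the table and 'U' does not check the
 * slot, so the sequence C,D,U dereferences freed memory (CWE-416). */
int parse_unchecked(const unsigned char *buf, size_t len) {
    obj_t *tab[SLOTS] = {0};
    int sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) {
        unsigned idx = buf[i + 1] % SLOTS;
        if (buf[i] == 'C') { tab[idx] = malloc(sizeof(obj_t)); tab[idx]->value = 7; }
        else if (buf[i] == 'D') free(tab[idx]);          /* pointer left dangling */
        else if (buf[i] == 'U') sum += tab[idx]->value;  /* no existence check */
    }
    return sum;
}

/* Hardened form: validates the index and the object's existence before every
 * operation and clears the slot on free. Returns the sum of used values, or
 * -1 if the stream is malformed. */
int parse_checked(const unsigned char *buf, size_t len) {
    obj_t *tab[SLOTS] = {0};
    int sum = 0, rc = 0;
    if (len % 2) return -1;                       /* truncated record */
    for (size_t i = 0; i < len && rc == 0; i += 2) {
        unsigned op = buf[i], idx = buf[i + 1];
        if (idx >= SLOTS) rc = -1;
        else if (op == 'C' && !tab[idx] && (tab[idx] = malloc(sizeof(obj_t)))) tab[idx]->value = 7;
        else if (op == 'D' && tab[idx]) { free(tab[idx]); tab[idx] = NULL; }
        else if (op == 'U' && tab[idx]) sum += tab[idx]->value;
        else rc = -1;  /* missing object, duplicate create, or unknown opcode */
    }
    for (unsigned s = 0; s < SLOTS; s++) free(tab[s]);  /* free(NULL) is a no-op */
    return rc ? -1 : sum;
}

int main(void) {
    const unsigned char stale[] = {'C', 0, 'D', 0, 'U', 0};          /* use after delete */
    const unsigned char valid[] = {'C', 1, 'U', 1, 'U', 1, 'D', 1};  /* well-formed */
    printf("stale use -> %d, valid -> %d\n", parse_checked(stale, sizeof stale), parse_checked(valid, sizeof valid));
    return 0;
}
```

Building the checked parser with AddressSanitizer (`-fsanitize=address`) and feeding it mutated streams is a practical way to confirm that no path reaches a freed object.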

Potential Impact

For European organizations using Ashlar-Vellum Cobalt, particularly version 1204.91, this vulnerability poses a significant risk. Exploitation could lead to remote code execution, allowing attackers to gain control over affected workstations or servers. This could result in data theft, unauthorized access to intellectual property, disruption of design workflows, and potential lateral movement within corporate networks. Given that Ashlar-Vellum Cobalt is a CAD software used in design and engineering, compromised systems could impact critical infrastructure projects, manufacturing, and product development. The requirement for user interaction means phishing or social engineering campaigns could be leveraged to deliver malicious LI files. The high impact on confidentiality, integrity, and availability could lead to operational downtime and loss of sensitive design data, which may have regulatory and financial consequences under European data protection laws.

Mitigation Recommendations

Organizations should immediately identify and inventory all installations of Ashlar-Vellum Cobalt version 1204.91. Until a patch is released, users should be instructed to avoid opening LI files from untrusted sources and to be cautious when visiting unknown or suspicious web pages. Implementing email and web filtering to block or quarantine LI files can reduce exposure. Employ endpoint protection solutions capable of detecting anomalous behavior related to file parsing and code execution. Network segmentation should be used to limit the spread of potential compromise. Additionally, organizations should monitor for unusual process activity associated with Ashlar-Vellum Cobalt and conduct user awareness training focused on the risks of opening unsolicited files. Once a vendor patch becomes available, it should be applied promptly. If patching is delayed, consider application whitelisting or sandboxing Ashlar-Vellum Cobalt to restrict execution of untrusted code.


Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2025-07-21T19:50:09.429Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 68cb20e9c138e352740b9f74

Added to database: 9/17/2025, 8:58:17 PM

Last enriched: 9/25/2025, 12:45:52 AM

Last updated: 10/31/2025, 5:27:48 PM
