CVE-2025-7994: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt
Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25976.
CVE-2025-7994: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt
Description
Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25976.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- zdi
- Date Reserved
- 2025-07-21T19:50:12.417Z
- Cvss Version
- 3.0
- State
- PUBLISHED
Threat ID: 68cb20e9c138e352740b9f77
Added to database: 9/17/2025, 8:58:17 PM
Last updated: 9/17/2025, 8:58:17 PM
Views: 1
Related Threats
CVE-2025-8006: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt
HighCVE-2025-8005: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Ashlar-Vellum Cobalt
HighCVE-2025-8004: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt
HighCVE-2025-8003: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt
HighCVE-2025-8002: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Ashlar-Vellum Cobalt
HighActions
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.