CVE-2025-7995: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Ashlar-Vellum Cobalt
Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25981.
AI Analysis
Technical Summary
CVE-2025-7995 is a high-severity remote code execution vulnerability affecting Ashlar-Vellum Cobalt version 12 SP1. The vulnerability arises from a type confusion flaw (CWE-843) in the parsing of CO files, which are specific to the Ashlar-Vellum Cobalt software. Type confusion occurs when the software incorrectly interprets user-supplied data as a different type than intended, leading to memory corruption and enabling an attacker to execute arbitrary code within the context of the vulnerable process. Exploitation requires user interaction, specifically the victim opening a maliciously crafted CO file or visiting a malicious webpage that triggers the parsing of such a file. The vulnerability does not require prior authentication but does require user interaction, which somewhat limits the attack vector to social engineering or targeted delivery of malicious files. The CVSS 3.0 score of 7.8 reflects high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. No known exploits are currently reported in the wild, but the vulnerability was publicly disclosed in September 2025. The lack of proper validation of user input during CO file parsing is the root cause, indicating a need for improved input sanitization and type checking within the application. This vulnerability was tracked as ZDI-CAN-25981 by the Zero Day Initiative.
Potential Impact
For European organizations using Ashlar-Vellum Cobalt 12 SP1, this vulnerability poses a significant risk. Successful exploitation could lead to full compromise of the affected system, allowing attackers to execute arbitrary code, potentially leading to data theft, system manipulation, or disruption of operations. Given that Ashlar-Vellum Cobalt is CAD/CAM software used in design and engineering workflows, compromise could result in intellectual property theft, sabotage of design files, or insertion of malicious modifications into engineering projects. This could have downstream effects on manufacturing, product development, and supply chains. The requirement for user interaction means phishing or social engineering campaigns could be used to deliver the exploit, increasing risk in environments where users frequently exchange design files or access external content. The high confidentiality and integrity impact is particularly concerning for organizations handling sensitive or proprietary designs. Availability impact could also disrupt critical design processes. The absence of known exploits in the wild suggests a window for proactive mitigation before widespread attacks occur.
Mitigation Recommendations
European organizations should prioritize the following specific mitigations:
1) Immediately identify and inventory all installations of Ashlar-Vellum Cobalt 12 SP1 within their environment.
2) Apply vendor patches or updates as soon as they become available; if no patch is currently released, implement temporary controls such as disabling the automatic parsing of CO files or restricting the opening of CO files from untrusted sources.
3) Implement strict email and file filtering to block or quarantine suspicious CO files, especially from external or unknown senders.
4) Educate users on the risks of opening unsolicited or unexpected design files and the importance of verifying file sources.
5) Employ endpoint detection and response (EDR) solutions to monitor for anomalous behavior indicative of exploitation attempts, such as unexpected process launches or memory modifications related to Ashlar-Vellum Cobalt.
6) Use application whitelisting to restrict execution of unauthorized code and sandboxing to isolate the application where feasible.
7) Monitor threat intelligence feeds for any emerging exploits or indicators of compromise related to this vulnerability to enable rapid response.
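Mitigation 3 as an added example, not taken from the advisory or from any vendor tool: a mail-gateway triage function that quarantines a message from outside an allowlisted domain when it carries a CO attachment, either directly or inside a ZIP archive. The `.co` extension match, the `corp.example` allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED_DOMAINS = {"corp.example"}  # assumption: your internal mail domain(s)
CO_SUFFIX = ".co"                   # assumption: Cobalt files are matched by extension


def co_names(filename, payload):
    """Names of CO files in one attachment, looking one level into ZIP archives."""
    name = (filename or "").lower().rstrip(". ")  # Windows ignores trailing dots/spaces
    if name.endswith(CO_SUFFIX):
        return [filename]
    if payload and zipfile.is_zipfile(io.BytesIO(payload)):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                return [f"{filename}!{m}" for m in zf.namelist()
                        if m.lower().rstrip(". ").endswith(CO_SUFFIX)]
        except zipfile.BadZipFile:
            return [f"{filename}!<unreadable zip>"]  # fail closed on corrupt archives
    return []


def triage(raw_message):
    """Return (verdict, hits); quarantine CO files that arrive from outside."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hits = []
    for part in msg.iter_attachments():
        hits += co_names(part.get_filename(), part.get_payload(decode=True))
    if hits and domain not in TRUSTED_DOMAINS:
        return "quarantine", hits
    return "deliver", hits


def build_sample(sender, attachments):
    """Constructed test message; attachment bytes are placeholders, not CO data."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "cad@corp.example", "drawing"
    msg.set_content("see attached")
    for name, data in attachments:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample("vendor@supplier.example", [("Plan.CO", b"placeholder")])))
```

The `From` header is sender-controlled, so a production gateway should base the trust decision on authenticated results (SPF, DKIM, DMARC) rather than the header alone.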
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Czech Republic
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-07-21T19:50:15.543Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 68cb20e9c138e352740b9f7a
Added to database: 9/17/2025, 8:58:17 PM
Last enriched: 9/25/2025, 12:46:17 AM
Last updated: 12/15/2025, 5:10:53 AM