CVE-2025-7999 is a high-severity remote code execution vulnerability affecting Ashlar-Vellum Cobalt version 12 SP1. The vulnerability arises from a type confusion flaw (CWE-843) in the AR file parsing functionality of the software. Specifically, the application fails to properly validate user-supplied data when processing AR files, leading to a type confusion condition. This flaw can be exploited by an attacker who convinces a user to open a maliciously crafted AR file or visit a malicious webpage that triggers the vulnerable parsing logic. Successful exploitation allows the attacker to execute arbitrary code within the context of the current process, potentially leading to full compromise of the affected system. The vulnerability requires user interaction (opening a file or visiting a page) and does not require prior authentication. The CVSS v3.0 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no known exploits are currently observed in the wild, the vulnerability was reported by the Zero Day Initiative (ZDI) under advisory ZDI-CAN-26049 and is publicly disclosed as of September 17, 2025. No patches or mitigations have been linked yet, indicating that affected users should prioritize defensive measures and monitoring until an official fix is released.

For European organizations using Ashlar-Vellum Cobalt 12 SP1, this vulnerability poses a significant risk. The ability for remote attackers to execute arbitrary code can lead to data breaches, intellectual property theft, disruption of business operations, and potential lateral movement within networks. Given that Ashlar-Vellum Cobalt is a CAD/design software, organizations in sectors such as manufacturing, engineering, architecture, and product design are particularly at risk. Compromise of design files or CAD workstations could result in loss of sensitive design data or sabotage of product development processes. The requirement for user interaction means that targeted phishing or social engineering campaigns could be effective attack vectors. Additionally, the high impact on confidentiality, integrity, and availability means that exploitation could severely disrupt workflows and damage organizational reputation. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits following public disclosure.

1. Implement strict email and web filtering to block malicious AR files and URLs that could deliver exploit payloads. 2. Educate users, especially those in design and engineering roles, about the risks of opening unsolicited or suspicious AR files and visiting untrusted websites. 3. Employ application whitelisting and sandboxing techniques for Ashlar-Vellum Cobalt to limit the impact of potential code execution. 4. Monitor endpoint behavior for unusual activity indicative of exploitation attempts, such as unexpected process launches or network connections originating from CAD workstations. 5. Maintain up-to-date backups of critical design data to enable recovery in case of compromise. 6. Coordinate with Ashlar-Vellum for timely patch deployment once an official fix is released. 7. Consider network segmentation to isolate design workstations from sensitive or critical infrastructure to reduce lateral movement opportunities.