


Perceptive Security
SOC/SIEM Consultancy

Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
Published:
25 November 2025 at 12:00:00
Alert date:
5 December 2025 at 08:03:22
Source:
cisa.gov

A CISA advisory reveals critical vulnerabilities in the Ashlar-Vellum CAD software products Cobalt, Xenon, Argon, Lithium, and Cobalt Share. Two high-severity vulnerabilities (CVE-2025-65084 and CVE-2025-65085), an Out-of-Bounds Write (CWE-787) and a Heap-based Buffer Overflow (CWE-122), affect versions 12.6.1204.207 and prior. Both have a CVSS v4 score of 8.4 and could allow an attacker to disclose information or execute arbitrary code. Exploitation requires local access and user interaction, but attack complexity is low. Ashlar-Vellum has released patches in version 12.6.1204.208 and higher for all affected products.
Technical details
Mitigation steps:
Affected products:
Ashlar-Vellum Cobalt
Ashlar-Vellum Xenon
Ashlar-Vellum Argon
Ashlar-Vellum Lithium
Ashlar-Vellum Cobalt Share
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-01
https://github.com/cisagov/CSAF
https://cwe.mitre.org/data/definitions/787.html
https://www.cve.org/CVERecord?id=CVE-2025-65084
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
https://cwe.mitre.org/data/definitions/122.html
https://www.cve.org/CVERecord?id=CVE-2025-65085
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.cisa.gov/topics/industrial-control-systems
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
https://www.cisa.gov/uscert/ncas/tips/ST04-014
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.