Heap-based Buffer Overflow Vulnerability in Ashlar-Vellum Cobalt CO File Parsing
CVE-2025-11464

7.8 HIGH

Key Information:

Status
Vendor
CVE Published: 29 October 2025

What is CVE-2025-11464?

A heap-based buffer overflow vulnerability exists in Ashlar-Vellum Cobalt because the length of user-supplied data is not adequately validated when CO files are parsed. Attackers can exploit this flaw remotely to execute arbitrary code in the context of the affected process. Successful exploitation requires user interaction, such as visiting a compromised web page or opening a malicious file. The issue underlines the need for robust input validation in file-parsing code to prevent unauthorized code execution.

Affected Version(s)

Cobalt 1204.97

References

CVSS V3.0

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved
