Out-of-Bounds Write Vulnerability in Ashlar-Vellum Cobalt and Related Products
CVE-2025-65086

8.4HIGH

Key Information:

Vendor: Ashlar-vellum
Status: Cobalt; Xen Projecton; Argon; Lithium
Vendor: CVE Published:; 12 May 2026

🔔 Create Ashlar-vellum Vulnerability Alert

What is CVE-2025-65086?

An Out-of-Bounds Write vulnerability exists in versions of Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share prior to 12.6.1204.216. This flaw can enable an attacker to execute arbitrary code when a specially crafted VC6 file is parsed, posing significant security risks to users.

Affected Version(s)

Argon 0 <= 12.6.1204.216

Cobalt 0 <= 12.6.1204.216

Cobalt Share 0 <= 12.6.1204.216

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-3...

government-resource

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Nov 17, 2025

Credit

Michael Heinzl reported these vulnerabilities to CISA.

CVE-2025-65086 Data

JSON