Out-Of-Bounds Read Vulnerability in Ashlar-Vellum Cobalt XE
CVE-2025-8006

7.8HIGH

Key Information:

Vendor: Ashlar-vellum
Status: Cobalt
Vendor: CVE Published:; 17 September 2025

🔔 Create Ashlar-vellum Vulnerability Alert

What is CVE-2025-8006?

The vulnerability presents itself during the parsing of XE files in Ashlar-Vellum Cobalt XE. The flaw arises from insufficient validation of user-supplied data, allowing an attacker to read beyond the allocated data structure. Consequently, this could lead to the execution of arbitrary code within the current process, provided that the user interacts by visiting a malicious site or opening a compromised file. Awareness and prompt action are crucial to mitigate potential exploitation.

Affected Version(s)

Cobalt 12 SP1

References

https://www.zerodayinitiative.com/advisories/ZDI-25-725/

x_research-advisory

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2025
Vulnerability Reserved
Jul 21, 2025