CVE-2025-41392

High CVSS: 8.4

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Vendor

Ashlar

Product

Argon

CWE

CWE-125

Yayın Tarihi

2025-08-18 21:15:30

Güncelleme

2025-11-28 16:36:59

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-125 Argon HIGH Ashlar 2025

Referanslar

https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-01

Benzer Kayıtlar

High

CVE-2025-65084

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share version…

High

CVE-2025-65085

A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v…

High

CVE-2025-11463

Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows rem…

High

CVE-2025-11464

Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability…

High

CVE-2025-11465

Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remot…

High

CVE-2025-8000

Ashlar-Vellum Cobalt LI File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remot…