216.73.217.22

CVE-2025-41392

· Published 18/08/2025 21:15 · Modified 18/08/2025 21:15

Labels: CVE-2025-41392 2025-08-18CVE-2025-41392CWE-125[email protected]

Essential information

Published
18/08/2025 21:15
Modified
18/08/2025 21:15
Author
Creator
CVSS
8.4 HIGH (v3) 8.4 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ashlar-vellum / cobalt cpe:2.3:a:ashlar-vellum:cobalt:<12.6.1204.204:*:*:*:*:*:*:*
ashlar-vellum / xenon cpe:2.3:a:ashlar-vellum:xenon:<12.6.1204.204:*:*:*:*:*:*:*
ashlar-vellum / argon cpe:2.3:a:ashlar-vellum:argon:<12.6.1204.204:*:*:*:*:*:*:*
ashlar-vellum / lithium cpe:2.3:a:ashlar-vellum:lithium:<12.6.1204.204:*:*:*:*:*:*:*
ashlar-vellum / share cpe:2.3:a:ashlar-vellum:share:<12.6.1204.204:*:*:*:*:*:*:*

References