CVE-2025-53705 HIGH

CVE-2025-53705: Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share Out-of-bounds Write

Vendor Ashlar-Vellum

Product Cobalt

Weakness CWE-787

Published August 18, 2025

Last update August 19, 2025

View on NVD All CVEs

CVSS base score

8.4/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing CO files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Key dates

02Disclosure timeline

August 18, 2025 CVE published

August 19, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-53705 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

Identifiers

CVE CVE-2025-53705

CWE CWE-787

CVSS 8.4 / HIGH

Affected versions

Vendor Ashlar-Vellum

Product Cobalt

Affected < 12.6.1204.204

Vendor Ashlar-Vellum

Product Xenon

Affected < 12.6.1204.204

Vendor Ashlar-Vellum

Product Argon

Affected < 12.6.1204.204

Vendor Ashlar-Vellum

Product Lithium

Affected < 12.6.1204.204

Vendor Ashlar-Vellum

Product Cobalt Share

Affected < 12.6.1204.204

CVE-2025-53705: Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share Out-of-bounds Write

01Description

02Disclosure timeline

03References

04Related CVE