SecuriTricks - CVE-2025-65085

Description

A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code.

Product(s) Impacted

Vendor	Product	Versions
Ashlar	Argon Cobalt Cobalt Share Lithium Xenon	* * * * *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	ashlar	argon	/	/	/	/	/	/	/	/
a	ashlar	cobalt	/	/	/	/	/	/	/	/
a	ashlar	cobalt_share	/	/	/	/	/	/	/	/
a	ashlar	lithium	/	/	/	/	/	/	/	/
a	ashlar	xenon	/	/	/	/	/	/	/	/

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-01

CVSS Score

8.4 / 10

CVSS Data - 4.0

Attack Vector: LOCAL
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: NONE
User Interaction: ACTIVE
Scope:
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: Nov. 25, 2025, 6:15 p.m.
Last Modified: Nov. 28, 2025, 4:24 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

ics-cert@hq.dhs.gov

CVE-2025-65085