CVE-2025-65084

Published: Nov 25, 2025Modified: May 12, 2026

8.4

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: ics-cert@hq.dhs.gov (Secondary)

Description

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code.

Affected (5)

Products: Ashlar: Argon, Cobalt, Cobalt Share, Lithium, Xenon

5 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ashlar Argon	Up to 12.2.1204.207
Ashlar Cobalt	Up to 12.2.1204.207
Ashlar Cobalt Share	Up to 12.2.1204.207
Ashlar Lithium	Up to 12.2.1204.207
Ashlar Xenon	Up to 12.2.1204.207

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (1)

https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.