CVE-2025-65086

Published: May 12, 2026Modified: May 14, 2026

8.4

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: ics-cert@hq.dhs.gov (Secondary)

Description

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed.

Affected (5)

Products: Ashlar: Argon, Cobalt, Cobalt Share, Lithium, Xenon

5 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ashlar Argon	Up to 12.6.1204.216
Ashlar Cobalt	Up to 12.6.1204.216
Ashlar Cobalt Share	Up to 12.6.1204.216
Ashlar Lithium	Up to 12.6.1204.216
Ashlar Xenon	Up to 12.6.1204.216

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (1)

https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.