Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
Action: Plan Patch · Score: 7.8 · ICS-CERT ICSA-25-329-01 · Nov 25, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share contain an out-of-bounds write (CWE-787) and a heap-based buffer overflow (CWE-122) in how the applications parse design files. Successful exploitation could allow an attacker to disclose information or execute arbitrary code on the affected workstation. These vulnerabilities are not remotely exploitable: they require local file access and user interaction.
What this means
What could happen
An attacker with local access to a workstation running Ashlar-Vellum design software could execute arbitrary code or steal sensitive data by exploiting a memory corruption vulnerability in the application.
Who's at risk
Engineering and design professionals using Ashlar-Vellum CAD software (Cobalt, Xenon, Argon, Lithium, or Cobalt Share) on workstations. This affects design teams in manufacturing, architectural, and engineering firms who use these tools for technical drawings and design work.
How it could be exploited
An attacker with local or removable media access could provide a malicious file (such as a crafted design file) to a user. When the user opens the file in a vulnerable version of Cobalt, Xenon, Argon, Lithium, or Cobalt Share, the application could crash or execute arbitrary code with the permissions of the user running the application.
Prerequisites
- Local file system access or ability to deliver a malicious file to the target user
- User interaction required (user must open a crafted design file)
- Vulnerable version of the software running on the workstation (version 12.6.1204.207 or earlier)
Key facts
- Memory corruption vulnerability (out-of-bounds write)
- Local file access required
- User interaction required to exploit
- No security updates available for affected versions
- Vendors have released patches but users must manually update
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (5)
5 with fix
Product      | Affected Versions | Fix Status
Cobalt       | <= 12.6.1204.207  | Fixed in 12.6.1204.208
Cobalt Share | <= 12.6.1204.207  | Fixed in 12.6.1204.208
Xenon        | <= 12.6.1204.207  | Fixed in 12.6.1204.208
Argon        | <= 12.6.1204.207  | Fixed in 12.6.1204.208
Lithium      | <= 12.6.1204.207  | Fixed in 12.6.1204.208
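The affected-version table above is only useful once it is compared against what is actually installed on the engineering workstations. The following is an added example (not vendor or advisory code) of that triage: it compares installed build numbers against the fixed build 12.6.1204.208 numerically rather than as strings, which matters because a plain string comparison would rank a build such as "12.6.1204.21" above "12.6.1204.208". The inventory lines and hostnames are constructed for the example.

```python
"""Triage an endpoint inventory against the Ashlar-Vellum advisory.

Added example, not vendor code. The fixed build and product list come from
the advisory; the inventory records below are constructed sample data.
"""
from typing import Dict, Tuple

# Fix status column of the advisory: first non-vulnerable build.
FIXED_VERSION = "12.6.1204.208"

# Products named in the advisory's affected-products table.
AFFECTED_PRODUCTS = {"Cobalt", "Cobalt Share", "Xenon", "Argon", "Lithium"}


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version into an integer tuple so comparison is numeric.

    Comparing the raw strings would be wrong: "21" sorts after "208" as text
    but 21 < 208 as a build number.
    """
    parts = version.strip().split(".")
    if not parts or not all(part.isdigit() for part in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(part) for part in parts)


def is_vulnerable(product: str, installed: str) -> bool:
    """True when the product is in scope and the build predates the fix.

    "<= 12.6.1204.207" in the table is the same as "< 12.6.1204.208".
    """
    if product not in AFFECTED_PRODUCTS:
        return False
    return parse_version(installed) < parse_version(FIXED_VERSION)


# Constructed inventory: one "hostname,product,version" record per line.
INVENTORY = """\
eng-ws-01,Cobalt,12.6.1204.207
eng-ws-02,Xenon,12.6.1204.208
eng-ws-03,Argon,12.6.1204.21
eng-ws-04,Lithium,12.6.1204.1000
eng-ws-05,Cobalt Share,12.6.1204.207
eng-ws-06,Graphite,12.6.1204.207
"""


def triage(inventory_csv: str) -> Dict[str, str]:
    """Return {hostname: product} for every workstation still needing the hotfix."""
    needs_patch: Dict[str, str] = {}
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, product, version = (field.strip() for field in line.split(","))
        if is_vulnerable(product, version):
            needs_patch[host] = product
    return needs_patch


if __name__ == "__main__":
    for host, product in sorted(triage(INVENTORY).items()):
        print(f"{host}: {product} must be updated to {FIXED_VERSION} or higher")
```

In the constructed inventory, eng-ws-03 ("…21") and eng-ws-04 ("…1000") are the two records a string comparison would misclassify; the numeric tuple comparison flags the first and clears the second. Products outside the advisory's table (the constructed "Graphite" row) are ignored rather than guessed at.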
Remediation & Mitigation
Do now
- HARDENING: Educate users not to open design files from untrusted or unexpected sources
Schedule (requires maintenance window; patching may require a device reboot, so plan for process interruption)
- HOTFIX: Update Cobalt to version 12.6.1204.208 or higher
- HOTFIX: Update Xenon to version 12.6.1204.208 or higher
- HOTFIX: Update Argon to version 12.6.1204.208 or higher
- HOTFIX: Update Lithium to version 12.6.1204.208 or higher
- HOTFIX: Update Cobalt Share to version 12.6.1204.208 or higher
Long-term hardening
- HARDENING: Restrict file sharing and removable media access on engineering workstations to authorized personnel only
CVEs (2)
API: /api/v1/advisories/9ca9e8f8-e047-4c76-a368-d53a4dc12734