CVE-2025-11465

Name of the Vulnerable Software and Affected Versions Ashlar-Vellum Cobalt (affected versions not specified)

Description This issue is a use-after-free remote code execution flaw in Ashlar-Vellum Cobalt. It allows remote attackers to execute arbitrary code on affected systems. User interaction is required, specifically the need for a target to visit a malicious page or open a malicious file. The flaw resides in the parsing of CO files, stemming from a lack of validation to confirm the existence of an object before operations are performed on it. An attacker can exploit this to execute code within the current process context.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.