PT-2026-40428 · Ashlar Vellum · Lithium+4
Published
2026-05-12
·
Updated
2026-05-12
·
CVE-2025-65086
CVSS v4.0
8.4
High
| Vector | AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Ashlar-Vellum Cobalt versions prior to 12.6.1204.217
Ashlar-Vellum Xenon versions prior to 12.6.1204.217
Ashlar-Vellum Argon versions prior to 12.6.1204.217
Ashlar-Vellum Lithium versions prior to 12.6.1204.217
Ashlar-Vellum Cobalt Share versions prior to 12.6.1204.217
Description
An Out-of-Bounds Write occurs when a specially crafted VC6 file is parsed, which could allow an attacker to execute arbitrary code. Out-of-Bounds Write is a condition where software writes data past the end or before the beginning of the intended memory buffer.
Recommendations
Update Cobalt, Xenon, Argon, Lithium, and Cobalt Share to a version later than 12.6.1204.216.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Argon
Cobalt
Cobalt Share
Lithium
Xenon