CVE-2025-65084
published 2025-11-25


Priority P260 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.30% (21.5th percentile)

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code.

Affected (10 ranges)

Vendor         Product       Version range       Fixed in
ashlar-vellum  argon         <= 12.6.1204.216
ashlar-vellum  cobalt        <= 12.6.1204.216
ashlar-vellum  cobalt_share  <= 12.6.1204.216
ashlar-vellum  lithium       <= 12.6.1204.216
ashlar-vellum  xenon         <= 12.6.1204.216
ashlar         argon         <= 12.2.1204.207
ashlar         cobalt        <= 12.2.1204.207
ashlar         cobalt_share  <= 12.2.1204.207
ashlar         lithium       <= 12.2.1204.207
ashlar         xenon         <= 12.2.1204.207

Detection & IOCs (extracted from sources)

  • CVE-2025-65084 is an Out-of-Bounds Write (CWE-787) triggered via local file parsing with user interaction (UI:R); monitor for suspicious file opens in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, or Cobalt Share processes on versions 12.6.1204.207 and prior.
  • Attack vector is local (AV:L) with no privilege required and user interaction required (UI:R/UI:A); a likely delivery mechanism is a malicious file sent via email or other social engineering. Flag unsolicited attachments targeting Ashlar-Vellum users.
  • These vulnerabilities are not remotely exploitable; focus detection on endpoint process monitoring for Ashlar-Vellum application crashes or anomalous child process spawning indicative of code execution post-exploitation.
  • Affected version range differs between NVD and CISA advisory: NVD states '12.6.1204.216 and prior' while CISA states '12.6.1204.207 and prior'. Use the CISA advisory version (12.6.1204.207) as the authoritative boundary for detection/patching decisions until reconciled by the vendor.
  • No known public exploitation has been reported as of the advisory publication date (November 25, 2025); threat hunting priority should be adjusted accordingly.

CVSS provenance

nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v4.0 · 8.4 · HIGH · CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X