### Critical Vulnerability Information

- **Vulnerability Name**: (0Day) Ashlar-Vellum Cobalt VC6 File Parsing Integer Overflow Remote Code Execution Vulnerability
- **ZDI ID**: ZDI-25-637, ZDI-CAN-25704
- **CVE ID**: CVE-2025-7985
- **CVSS Score**: 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
- **Affected Vendor**: Ashlar-Vellum
- **Affected Product**: Cobalt

#### Vulnerability Details

- **Description**: This vulnerability allows remote attackers to execute arbitrary code on affected Ashlar-Vellum Cobalt installations. Exploitation requires user interaction, where the target must access a malicious page or open a malicious file.
- **Specific Issue**: A specific flaw exists during the parsing of VC6 files. Due to insufficient validation of user-supplied data, an integer overflow occurs before buffer allocation. Attackers can exploit this to execute code within the context of the current process.

#### Additional Details

- **Reporting Timeline**:
  - 2024-11-21: ZDI reported the vulnerability to the vendor
  - 2024-11-22: Vendor confirmed receipt of the report
  - 2025-03-12: ZDI requested an update
  - 2025-03-20: Vendor confirmed they were working on the issue
  - 2025-05-02: ZDI requested an update again
  - 2025-07-15: ZDI notified the vendor that the vulnerability would be disclosed as a 0-day
- **Mitigation**: Given the nature of the vulnerability, the only effective mitigation is to limit interaction with the product.

#### Disclosure Timeline

- 2024-11-21: Vulnerability reported to vendor
- 2025-07-22: Coordinated public disclosure announcement
- 2025-07-22: Updated disclosure announcement

#### Acknowledgments

- Rocco Calvi (@TecR0c) with TecSecurity
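
The bug class named under **Specific Issue** (a size computed from file-supplied values overflows before the buffer is allocated), shown beside a checked form. This is an added example, not Ashlar-Vellum's code or part of the advisory; the `rec_hdr` layout and all function names are hypothetical, since the advisory does not describe the VC6 format.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record header: both fields come straight from the file. */
struct rec_hdr {
    uint32_t count;      /* number of elements */
    uint32_t elem_size;  /* bytes per element */
};

/* Unchecked size: the 32-bit product wraps modulo 2^32, so the value
 * passed to the allocator can be far smaller than the data copied later. */
uint32_t unchecked_size(const struct rec_hdr *h)
{
    return h->count * h->elem_size;
}

/* Checked size: widen before multiplying, then bound the result by the
 * bytes actually left in the file. Returns 0 and sets *out on success,
 * -1 if the header is empty or claims more data than the file holds. */
int checked_size(const struct rec_hdr *h, size_t remaining, size_t *out)
{
    uint64_t total = (uint64_t)h->count * (uint64_t)h->elem_size;
    if (h->count == 0 || h->elem_size == 0)
        return -1;
    if (total > remaining)   /* also guarantees total fits in size_t */
        return -1;
    *out = (size_t)total;
    return 0;
}

/* Allocate and copy a record body only after the size is validated. */
void *load_record(const struct rec_hdr *h, const uint8_t *body, size_t remaining)
{
    size_t n;
    if (checked_size(h, remaining, &n) != 0)
        return NULL;
    void *buf = malloc(n);
    if (buf != NULL)
        memcpy(buf, body, n);
    return buf;
}
```
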