CVE-2025-65086

Severity: High
CWE-787 — Weakness Type
Published: May 12, 2026  ·  Modified: May 19, 2026  ·  Source: NVD
CVSS v3: 7.8
📄 Description (English)

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed.

🤖 AI Executive Summary

CVE-2025-65086 is a high-severity (CVSS 7.8) out-of-bounds write vulnerability in Ashlar-Vellum CAD software (Cobalt, Xenon, Argon, Lithium, and Cobalt Share) affecting versions 12.6.1204.216 and earlier. Exploitation requires a user to open a specially crafted VC6 file on the local system, after which an attacker can execute arbitrary code with the privileges of the affected application. While no public exploit is currently available, the vulnerability poses significant risk to organizations using these design tools, particularly in engineering and manufacturing sectors.

🤖 AI Intelligence Analysis (analyzed: May 20, 2026 07:01)
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations in engineering, architecture, and manufacturing sectors using Ashlar-Vellum products face direct risk of arbitrary code execution. Critical impact areas include: (1) ARAMCO and downstream petroleum engineering firms relying on CAD design tools, (2) Government engineering departments and municipalities using these applications for infrastructure planning, (3) Construction and real estate development companies, (4) Defense and aerospace contractors. The vulnerability could lead to intellectual property theft, design manipulation, supply chain compromise, and operational disruption. Organizations in the Kingdom's Vision 2030 infrastructure projects are particularly vulnerable if using affected versions.
🏢 Affected Saudi Sectors
Engineering and Architecture
Petroleum and Energy (ARAMCO and contractors)
Government and Public Administration
Construction and Real Estate Development
Defense and Aerospace
Manufacturing and Industrial Design
Infrastructure and Urban Planning
⚖️ Saudi Risk Score (AI)
8.2 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Inventory all Ashlar-Vellum installations (Cobalt, Xenon, Argon, Lithium, Cobalt Share) and identify systems running versions 12.6.1204.216 or earlier
2. Restrict handling of VC6 files from untrusted sources until a patch is available
3. Implement network segmentation to isolate CAD workstations from critical systems
4. Disable automatic file opening and preview features for VC6 files

COMPENSATING CONTROLS:
5. Implement application whitelisting on CAD workstations
6. Deploy endpoint detection and response (EDR) solutions with behavioral monitoring
7. Monitor for suspicious process creation and memory access patterns from Ashlar-Vellum processes
8. Restrict user privileges on CAD workstations according to least-privilege principles
9. Implement file integrity monitoring on design repositories

PATCHING GUIDANCE:
10. Contact Ashlar-Vellum for patch availability and timeline
11. Establish testing environment for patch validation before production deployment
12. Plan phased rollout of patches across organization

DETECTION RULES:
13. Monitor for VC6 file access from external sources or email attachments
14. Alert on Ashlar-Vellum process crashes or unexpected memory access violations
15. Track file modifications in CAD design directories for unauthorized changes
16. Monitor for process injection attempts targeting Ashlar-Vellum applications
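Step 1 above hinges on deciding whether an installed version is "12.6.1204.216 or earlier", and a naive string comparison gets that wrong (as a string, "12.10" sorts before "12.6"). The following Python is an added example, not code from the advisory or from Ashlar-Vellum: it parses a constructed tab-separated inventory export (the host names, the export format and the non-Ashlar rows are assumptions) and returns the rows at or below the affected ceiling, so the list can feed the file-handling restrictions and patch planning in the later steps.

```python
"""Flag Ashlar-Vellum installs at or below the affected version for CVE-2025-65086.

Added example; the inventory lines below are constructed, not real data.
"""
from __future__ import annotations

# Highest version the advisory lists as affected ("12.6.1204.216 and prior").
AFFECTED_CEILING = "12.6.1204.216"

# Products named in the advisory (lower-cased for matching).
AFFECTED_PRODUCTS = {"cobalt", "xenon", "argon", "lithium", "cobalt share"}

# Constructed inventory export: hostname, product, version (tab-separated).
# Host names and the AutoCAD row are assumptions used only to exercise the code.
SAMPLE_INVENTORY = """\
cad-ws-01\tCobalt\t12.6.1204.216
cad-ws-02\tXenon\t12.6.1204.300
cad-ws-03\tArgon\t12.10.0.1
cad-ws-04\tLithium\t9.2
cad-ws-05\tCobalt Share\t12.6.1204.216-beta
file-srv-01\tAutoCAD\t2024.1
"""


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '12.6.1204.216' into (12, 6, 1204, 216).

    Numeric tuples compare component by component, so 12.10 > 12.6,
    whereas a plain string compare yields '12.10' < '12.6'.
    A trailing non-numeric suffix ('216-beta') is dropped from that
    component, and missing components are padded with zero so that
    '9.2' compares like '9.2.0.0'.
    """
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                break
        if not digits:
            raise ValueError(f"unparseable version component {piece!r} in {text!r}")
        parts.append(int(digits))
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts)


def is_affected(product: str, version: str) -> bool:
    """True when product is an Ashlar-Vellum product at or below the ceiling."""
    if product.strip().lower() not in AFFECTED_PRODUCTS:
        return False
    return parse_version(version) <= parse_version(AFFECTED_CEILING)


def affected_hosts(inventory: str) -> list[tuple[str, str, str]]:
    """Return (host, product, version) rows that still need remediation."""
    hits = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, product, version = line.split("\t")
        if is_affected(product, version):
            hits.append((host, product, version))
    return hits


if __name__ == "__main__":
    for host, product, version in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is affected; restrict VC6 handling until patched")
```

The comparison is deliberately inclusive (`<=`), because the advisory's wording "and prior" includes 12.6.1204.216 itself; a pre-release suffix such as "-beta" is treated as the same numeric version, which errs on the side of flagging the host.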
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.12.6.1 - Management of technical vulnerabilities
A.14.2.1 - Secure development policy
A.12.3.1 - Control of operational software
🔵 SAMA CSF
ID.RA-1 - Asset management and vulnerability identification
PR.IP-12 - Software development and change management
DE.CM-8 - Vulnerability scans and assessments
🟡 ISO 27001:2022
A.12.6.1 - Management of technical vulnerabilities
A.14.2.1 - Secure development policy and procedures
A.12.3.1 - Control of operational software
📦 Affected Products / CPE (5 entries)
ashlar:argon
ashlar:cobalt
ashlar:cobalt_share
ashlar:lithium
ashlar:xenon
📊 CVSS Score
7.8 / 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: L — Local
Attack Complexity: L — Low
Privileges Required: N — None
User Interaction: R — Required
Scope: U — Unchanged
Confidentiality: H — High
Integrity: H — High
Availability: H — High
📋 Quick Facts
Severity: High
CVSS Score: 7.8
CWE: CWE-787
EPSS: 0.01%
Exploit: No
Patch: No
Published: 2026-05-12
Source Feed: nvd
🇸🇦 Saudi Risk Score
8.2 / 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-787