📄 Description (English)
An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed.
🤖 AI Executive Summary
CVE-2025-65087 is a high-severity out-of-bounds read vulnerability in Ashlar-Vellum CAD software (Cobalt, Xenon, Argon, Lithium, and Cobalt Share) affecting versions 12.6.1204.216 and earlier. Exploitation requires user interaction with malicious VC6 files and could lead to information disclosure or arbitrary code execution. No patch is currently available, making immediate compensating controls critical for Saudi organizations using these design tools.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 20, 2026 07:00
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations in engineering, architecture, manufacturing, and construction sectors are at elevated risk, particularly those using Ashlar-Vellum for CAD design work. Government entities managing infrastructure projects (ARAMCO, Saudi Aramco subsidiaries, Ministry of Transportation, Saudi Railways Organization) and private engineering firms are primary targets. The vulnerability could compromise sensitive design intellectual property, infrastructure blueprints, and project specifications. Financial impact includes potential data theft of proprietary designs and operational disruption during incident response.
🏢 Affected Saudi Sectors
Engineering and Architecture
Manufacturing and Industrial
Construction and Infrastructure
Government and Public Sector
Energy (ARAMCO and subsidiaries)
Transportation and Logistics
Real Estate and Urban Planning
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Inventory all Ashlar-Vellum installations (Cobalt, Xenon, Argon, Lithium, Cobalt Share) and document versions
2. Restrict file sharing and email receipt of VC6 files from untrusted sources
3. Implement application whitelisting to prevent unauthorized execution
4. Disable VC6 file association if not operationally required
COMPENSATING CONTROLS:
5. Implement network segmentation isolating CAD workstations from critical systems
6. Deploy endpoint detection and response (EDR) solutions with memory protection enabled
7. Monitor for suspicious process creation from Ashlar-Vellum applications
8. Restrict user privileges on CAD workstations to prevent privilege escalation
9. Implement file integrity monitoring on design repositories
DETECTION RULES:
- Monitor for Ashlar-Vellum process crashes or unexpected memory access patterns
- Alert on VC6 file opens from external/untrusted sources
- Track process spawning from Ashlar-Vellum executables (cobalt.exe, xenon.exe, argon.exe, lithium.exe)
- Monitor for unusual network connections from CAD applications
PATCHING:
10. Contact Ashlar-Vellum for patch availability timeline and interim security updates
11. Prepare patch deployment procedures for immediate application once available
12. Consider temporary migration to alternative CAD solutions if operationally feasible
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حصر جميع تثبيتات Ashlar-Vellum (Cobalt و Xenon و Argon و Lithium و Cobalt Share) وتوثيق الإصدارات
2. تقييد مشاركة الملفات واستقبال ملفات VC6 من مصادر غير موثوقة
3. تنفيذ قائمة بيضاء للتطبيقات لمنع التنفيذ غير المصرح به
4. تعطيل ارتباط ملف VC6 إذا لم يكن مطلوباً تشغيلياً
الضوابط التعويضية:
5. تنفيذ تقسيم الشبكة لعزل محطات عمل CAD عن الأنظمة الحرجة
6. نشر حلول كشف الاستجابة للنقاط الطرفية (EDR) مع تفعيل حماية الذاكرة
7. مراقبة إنشاء العمليات المريبة من تطبيقات Ashlar-Vellum
8. تقييد امتيازات المستخدم على محطات عمل CAD لمنع تصعيد الامتيازات
9. تنفيذ مراقبة سلامة الملفات على مستودعات التصميم
قواعد الكشف:
- مراقبة أعطال تطبيقات Ashlar-Vellum أو أنماط الوصول إلى الذاكرة غير المتوقعة
- تنبيهات فتح ملفات VC6 من مصادر خارجية/غير موثوقة
- تتبع العمليات المنبثقة من ملفات Ashlar-Vellum التنفيذية
- مراقبة الاتصالات الشبكية غير العادية من تطبيقات CAD
التصحيح:
10. الاتصال بـ Ashlar-Vellum للحصول على الجدول الزمني لتوفر التصحيح والتحديثات الأمنية المؤقتة
11. تحضير إجراءات نشر التصحيح للتطبيق الفوري عند توفره
12. النظر في الهجرة المؤقتة إلى حلول CAD بديلة إذا كان ذلك ممكناً تشغيلياً
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures
A.5.2.1 - User access management and authorization
A.5.2.3 - Management of privileged access rights
A.5.3.1 - Password management
A.5.4.1 - Event logging and monitoring
A.5.4.2 - Protection of log information
A.5.5.1 - Installation and maintenance of security patches
A.5.7.1 - Malware protection
A.5.8.1 - Management of removable media
A.5.9.1 - Access control to networks and network services
🔵 SAMA CSF
Governance - Policy and Risk Management
Governance - Compliance and Audit
Protection - Access Control
Protection - Data Protection
Detection - Monitoring and Logging
Detection - Threat and Vulnerability Management
Response - Incident Management
🟡 ISO 27001:2022
A.5.1.1 - Policies for information security
A.5.2.1 - User registration and de-registration
A.5.2.3 - Management of privileged access rights
A.5.3.1 - Password management
A.5.4.1 - Event logging
A.5.4.2 - Protection of log information
A.5.5.1 - Installation of security patches
A.5.7.1 - Protection against malware
A.5.9.1 - Access control
A.8.1.1 - Screening of personnel
📦 Affected Products / CPE 5 entries
ashlar:argon
ashlar:cobalt
ashlar:cobalt_share
ashlar:lithium
ashlar:xenon