📄 Description (English)
An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed.
🤖 AI Executive Summary
CVE-2025-65088 is a high-severity out-of-bounds read vulnerability in Ashlar-Vellum CAD software (Cobalt, Xenon, Argon, Lithium, and Cobalt Share) affecting versions 12.6.1204.216 and earlier. Exploitation requires user interaction with malicious VC6 files and could lead to information disclosure or arbitrary code execution. While no exploit is currently available, the lack of patches makes this a significant risk for organizations using these design tools.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 20, 2026 07:01
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi engineering, architecture, and manufacturing sectors that rely on Ashlar-Vellum CAD tools for design work. Critical exposure exists in: (1) Engineering consulting firms and contractors working on major infrastructure projects (NEOM, Vision 2030 initiatives); (2) Manufacturing and industrial design companies; (3) Government technical departments and municipalities using CAD for planning; (4) Educational institutions teaching CAD design. The attack vector requires user interaction with malicious VC6 files, making social engineering and supply chain attacks viable threat vectors. Information disclosure could expose proprietary designs, technical specifications, and sensitive project details.
🏢 Affected Saudi Sectors
Engineering and Architecture
Manufacturing and Industrial Design
Government and Municipalities
Education and Training
Construction and Infrastructure
Defense and Security
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Inventory all Ashlar-Vellum installations (Cobalt, Xenon, Argon, Lithium, Cobalt Share) and identify systems running versions 12.6.1204.216 or earlier
2. Restrict file sharing and implement email gateway controls to block VC6 file attachments from external sources
3. Educate users not to open VC6 files from untrusted sources
4. Disable file preview functionality if available
COMPENSATING CONTROLS (until patch available):
5. Implement application whitelisting to restrict Ashlar-Vellum execution
6. Use network segmentation to isolate CAD workstations from critical systems
7. Monitor file access logs for suspicious VC6 file operations
8. Implement DLP (Data Loss Prevention) rules to prevent exfiltration of design files
DETECTION:
9. Monitor for abnormal process behavior from Ashlar-Vellum processes (memory access violations, unexpected child processes)
10. Alert on VC6 file downloads from external sources or suspicious file transfers
11. Track system crashes or access violations related to Ashlar-Vellum processes
PATCHING:
12. Contact Ashlar-Vellum support for patch availability timeline
13. Plan immediate patching once updates are released
14. Test patches in isolated environment before production deployment
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. قم بحصر جميع تثبيتات Ashlar-Vellum (Cobalt و Xenon و Argon و Lithium و Cobalt Share) وحدد الأنظمة التي تعمل بالإصدارات 12.6.1204.216 أو الأقدم
2. قيد مشاركة الملفات وطبق عناصر تحكم بوابة البريد الإلكتروني لحظر مرفقات ملفات VC6 من مصادر خارجية
3. علم المستخدمين بعدم فتح ملفات VC6 من مصادر غير موثوقة
4. عطل وظيفة معاينة الملفات إن أمكن
عناصر التحكم التعويضية (حتى توفر التصحيح):
5. طبق قائمة بيضاء للتطبيقات لتقييد تنفيذ Ashlar-Vellum
6. استخدم تقسيم الشبكة لعزل محطات عمل CAD عن الأنظمة الحرجة
7. راقب سجلات الوصول إلى الملفات للعمليات المريبة لملفات VC6
8. طبق قواعد منع فقدان البيانات (DLP) لمنع تسرب ملفات التصميم
الكشف:
9. راقب السلوك غير الطبيعي لعمليات Ashlar-Vellum (انتهاكات الذاكرة والعمليات الفرعية غير المتوقعة)
10. أصدر تنبيهات عند تنزيل ملفات VC6 من مصادر خارجية أو نقل ملفات مريب
11. تتبع أعطال النظام أو انتهاكات الوصول المتعلقة بعمليات Ashlar-Vellum
التصحيح:
12. اتصل بدعم Ashlar-Vellum للحصول على جدول زمني لتوفر التصحيح
13. خطط للتصحيح الفوري بمجرد إصدار التحديثات
14. اختبر التصحيحات في بيئة معزولة قبل نشرها في الإنتاج
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures
A.6.1.1 - Organization of information security
A.12.2.1 - Controls against malware
A.12.6.1 - Management of technical vulnerabilities
A.14.2.1 - Secure development policy
🔵 SAMA CSF
ID.RA-1 - Asset management and vulnerability identification
PR.IP-12 - Software development security practices
DE.CM-8 - Vulnerability scans and assessments
RS.MI-2 - Incident response and containment
🟡 ISO 27001:2022
A.12.6.1 - Management of technical vulnerabilities
A.14.2.1 - Secure development policy
A.12.2.1 - Controls against malware
A.5.1.1 - Information security policies
📦 Affected Products / CPE 5 entries
ashlar:argon
ashlar:cobalt
ashlar:cobalt_share
ashlar:lithium
ashlar:xenon