CVE-2025-65085
Published: 25 November 2025
Description
A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code.
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely remediation of the heap-based buffer overflow flaw through patching to versions beyond 12.6.1204.207.
Implements memory protection mechanisms like ASLR and DEP to prevent exploitation of heap buffer overflows for arbitrary code execution.
Enforces input validation to block malformed inputs that trigger the heap-based buffer overflow vulnerability.
Security SummaryAI
CVE-2025-65085 is a heap-based buffer overflow vulnerability, classified under CWE-122, affecting Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share in versions 12.6.1204.207 and prior. Published on 2025-11-25, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.
The vulnerability can be exploited by a remote, unauthenticated attacker requiring low complexity and no user interaction. Successful exploitation could enable the attacker to disclose sensitive information or execute arbitrary code, resulting in high impacts to confidentiality, integrity, and availability.
The CISA ICS Advisory ICSA-25-329-01, available at https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-01, provides further details on this vulnerability, including recommended mitigations.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated heap-based buffer overflow enables arbitrary code execution and info disclosure, directly mapping to exploitation of public-facing applications.