CNNVD-202509-2631 Information

CNNVD ID

CNNVD-202509-2631

Related CVE

CVE-2025-8005

• CNNVD Published: 2025-09-17

Description (Chinese)

Ashlar-Vellum Cobalt是Ashlar-Vellum公司的一种基于参数的计算机辅助设计和 3D 建模程序。 Ashlar-Vellum Cobalt存在安全漏洞，该漏洞源于XE文件解析过程中缺乏对用户提供数据的适当验证，可能导致类型混淆条件，从而在当前进程环境中执行任意代码。

Description (English)

Ashlar-Vellam Cobalt is an argument-based computer-aided design and 3D modelling program for Ashlar-Vellum. There is a security loophole in Ashlar-Vellam Cobalt, which stems from the lack of proper validation of data provided by users during the XE file analysis process, which may lead to typologies and thus to the implementation of any code in the current process environment.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Ashlar-Vellum

Published

2025-09-17

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-25-722/