CVE-2025-2019

HIGH
2025-03-11 [email protected]
RCE Buffer Overflow
7.8
CVSS 3.0
Share

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 19:52 vuln.today
CVE Published
Mar 11, 2025 - 21:15 nvd
HIGH 7.8

DescriptionNVD

Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25252.

AnalysisAI

Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied ...

Technical ContextAI

This vulnerability (CWE-122: Heap-based Buffer Overflow) affects that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data. Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied dat

Affected ProductsAI

Product: that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data.

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

Share

CVE-2025-2019 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy