CVE-2025-7984
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-09-22
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ashlar | cobalt | 12.2.1204.96 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-457 | The code uses a variable that has not been initialized, leading to unpredictable or unintended results. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Ashlar-Vellum Cobalt's AR file parsing due to an uninitialized variable. It allows remote attackers to execute arbitrary code by exploiting the improper initialization of memory when parsing AR files. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file.
How can this vulnerability impact me? :
An attacker can execute arbitrary code on the affected system with the privileges of the current process, potentially leading to full compromise of the affected installation. This can result in data loss, system instability, or unauthorized access.