Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
Summary
The Ashlar-Vellum products Cobalt, Xenon, Argon, Lithium, and Cobalt Share have critical vulnerabilities, specifically an Out-of-Bounds Write and a Heap-based Buffer Overflow, which could allow attackers to disclose information or execute arbitrary code. The vulnerabilities have a CVSS v4 score of 8.4, indicating a high severity level, and users are urged to update their software to mitigate risks.
Impact
Affected products include Ashlar-Vellum Cobalt (versions 12.6.1204.207 and prior), Xenon (versions 12.6.1204.207 and prior), Argon (versions 12.6.1204.207 and prior), Lithium (versions 12.6.1204.207 and prior), and Cobalt Share (versions 12.6.1204.207 and prior). The vendor is Ashlar-Vellum.
In the Wild
No
Timeline
Disclosed on November 25, 2025
Remediation
Users are recommended to update to the following versions: Cobalt (versions 12.6.1204.208 or higher), Xenon (versions 12.6.1204.208 or higher), Argon (versions 12.6.1204.208 or higher), Lithium (versions 12.6.1204.208 or higher), and Cobalt Share (versions 12.6.1204.208 or higher). Additionally, users should minimize network exposure for all control system devices, locate control system networks behind firewalls, and use secure remote access methods such as VPNs.