CVE-2025-11463
HIGHDescription
Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26626.
Is your site exposed to CVE-2025-11463?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ashlar | cobalt |
References
Other References
Frequently Asked Questions
What is CVE-2025-11463? +
How severe is CVE-2025-11463? +
What products are affected by CVE-2025-11463? +
How do I check if I'm vulnerable to CVE-2025-11463? +
Related Vulnerabilities
Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in the PostScript function interpreter code.
z2d is a pure Zig 2D graphics library. Versions of z2d after `0.5.1` and up to and including `0.6.0`, when …
If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of …
Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C. This issue …
An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers …
KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t …