Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability 漏洞信息(CVE-2025-2013)

一、漏洞 CVE-2025-2013 基础信息

美国国家漏洞数据库 NVD

漏洞标题

Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25186.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

释放后使用

来源：美国国家漏洞数据库 NVD

二、漏洞 CVE-2025-2013 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2025-2013 的情报信息

https://www.zerodayinitiative.com/advisories/ZDI-25-120/ x_research-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-2013

一、 漏洞 CVE-2025-2013 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2025-2013 的公开POC

三、漏洞 CVE-2025-2013 的情报信息

一、漏洞 CVE-2025-2013 基础信息