Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability 漏洞信息(CVE-2025-2014)

一、漏洞 CVE-2025-2014 基础信息

美国国家漏洞数据库 NVD

漏洞标题

Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VS files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25235.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

使用未经初始化的变量

来源：美国国家漏洞数据库 NVD

二、漏洞 CVE-2025-2014 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2025-2014 的情报信息

https://www.zerodayinitiative.com/advisories/ZDI-25-115/ x_research-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-2014

一、 漏洞 CVE-2025-2014 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2025-2014 的公开POC

三、漏洞 CVE-2025-2014 的情报信息

一、漏洞 CVE-2025-2014 基础信息