Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability 漏洞信息(CVE-2025-2021)

一、漏洞 CVE-2025-2021 基础信息

美国国家漏洞数据库 NVD

漏洞标题

Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25264.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

整数溢出或超界折返

来源：美国国家漏洞数据库 NVD

二、漏洞 CVE-2025-2021 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2025-2021 的情报信息

https://www.zerodayinitiative.com/advisories/ZDI-25-125/ x_research-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-2021

一、 漏洞 CVE-2025-2021 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2025-2021 的公开POC

三、漏洞 CVE-2025-2021 的情报信息

一、漏洞 CVE-2025-2021 基础信息