CVE-2025-7993: 
NixOS vulnerability analysis and mitigation

Ashlar-Vellum Cobalt contains a Use-After-Free Remote Code Execution vulnerability (CVE-2025-7993) that affects the parsing of LI files. The vulnerability was discovered on March 12, 2025, and was publicly disclosed on July 30, 2025, as a zero-day vulnerability. The issue affects Ashlar-Vellum Cobalt version 12.0.1204.91 (NVD, Zero Day Initiative).

The vulnerability stems from the lack of validation when checking the existence of an object prior to performing operations on it during LI file parsing. This Use-After-Free (CWE-416) vulnerability has received a CVSS v3.0 base score of 7.8 (High), with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The scoring indicates that while local access and user interaction are required, the vulnerability can lead to high impacts on confidentiality, integrity, and availability (Zero Day Initiative).

When successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process on affected installations of Ashlar-Vellum Cobalt. The exploitation requires user interaction, specifically that the target must visit a malicious page or open a malicious file (Zero Day Initiative).

Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product. As of the public disclosure on July 30, 2025, no vendor patch was available (Zero Day Initiative).

The vulnerability was initially reported to the vendor on March 12, 2025, who acknowledged receipt on March 13, 2025. After multiple follow-ups on May 2 and June 19, 2025, with no resolution, Zero Day Initiative proceeded to publish this as a zero-day advisory on July 30, 2025 (Zero Day Initiative).