CVE-2025-2021

CVSS 3.1 Score 7.7 of 10 (high)

Details

Published Mar 11, 2025
CWE ID 457

Summary

CVE-2025-2021 is a remote code execution vulnerability affecting Ashlar-Vellum Cobalt XE. Malicious files or web pages can exploit this issue by causing an integer overflow during XE file parsing. The lack of proper data validation is the root cause, allowing attackers to execute arbitrary code in the context of the current process. User interaction is necessary for exploitation. This vulnerability, identified as ZDI-CAN-25264, was disclosed prior to its public release.
