CVE-2025-53705
Multiple Products
Executive summary
A high-severity vulnerability has been identified in multiple Ashlar-Vellum computer-aided design (CAD) products. An attacker could exploit this flaw by tricking a user into opening a specially crafted design file, which could allow the attacker to execute arbitrary code and take control of the affected workstation. Successful exploitation could lead to the theft of sensitive intellectual property, system compromise, and further intrusion into the corporate network.
Vulnerability
The vulnerability is a heap-based buffer overflow that occurs during the parsing of malformed project files. An unauthenticated remote attacker can create a specially crafted file and deliver it to a victim via email, a web download, or other social engineering methods. When the victim opens the malicious file with an affected version of the software, the application attempts to process a data structure with an incorrect length, leading to a buffer overflow. This condition can be exploited to overwrite adjacent memory, allowing the attacker to execute arbitrary code with the same privileges as the logged-in user.
Business impact
This vulnerability is rated as high severity with a CVSS score of 7.8. Exploitation could have a significant business impact, particularly for organizations that rely on these products for creating and storing valuable intellectual property, such as engineering designs, product schematics, and proprietary models. A successful attack could lead to the exfiltration of confidential data, financial loss, reputational damage, and operational disruption. Furthermore, a compromised workstation could serve as a beachhead for an attacker to move laterally across the network, escalating the incident into a much larger breach.
Remediation
Immediate Action: Identify all systems running the affected Ashlar-Vellum software and apply the vendor-provided security updates, upgrading all installations to version 12 or later. After patching, it is critical to monitor for any signs of post-compromise activity and to review system and application access logs for unusual or unauthorized actions that may have occurred before remediation.
Proactive Monitoring: Implement enhanced monitoring on workstations where this software is installed. Look for anomalous process creation where an Ashlar-Vellum application spawns unexpected child processes (e.g., cmd.exe, powershell.exe). Monitor network traffic from these workstations for unusual outbound connections to unknown IP addresses or domains, which could indicate command-and-control (C2) communication.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce risk. This includes strengthening user awareness training to warn against opening unsolicited files from untrusted sources. Additionally, consider using application control or whitelisting solutions to prevent the execution of unauthorized binaries on workstations running the vulnerable software.
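As an added example (not from the advisory or the vendor), the following Python detection logic applies the Proactive Monitoring rule above, flagging process-creation records in which a CAD application spawns a command shell, over constructed Sysmon-style telemetry. The Ashlar-Vellum executable names and the record format are assumptions, since the advisory lists neither.

```python
import ntpath
from dataclasses import dataclass

# ASSUMPTION: the advisory does not name the CAD binaries. These are placeholder
# executable names for Ashlar-Vellum products; replace them with the image names
# actually observed on your engineering workstations.
CAD_PARENTS = {"cobalt.exe", "graphite.exe", "xenon.exe", "argon.exe"}
# Children a CAD application has no reason to spawn (the advisory's examples plus pwsh.exe).
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe"}


@dataclass
class Alert:
    timestamp: str
    host: str
    parent: str
    child: str
    command_line: str


def image_name(path: str) -> str:
    # Sysmon Image/ParentImage fields are full Windows paths; compare on the
    # lower-cased file name so casing and install directory do not matter.
    return ntpath.basename(path).lower()


def detect(records):
    # Record format (constructed): timestamp|host|ParentImage|Image|CommandLine.
    # Malformed records are skipped so one bad line cannot stall the pipeline.
    alerts = []
    for line in records:
        fields = line.strip().split("|", 4)
        if len(fields) != 5:
            continue
        ts, host, parent_image, image, cmdline = fields
        parent, child = image_name(parent_image), image_name(image)
        if parent in CAD_PARENTS and child in SUSPICIOUS_CHILDREN:
            alerts.append(Alert(ts, host, parent, child, cmdline))
    return alerts


# Constructed sample telemetry, not real data. Only records 1 and 3 should alert:
# record 2 is the CAD app being launched normally, record 4 is a shell with a
# non-CAD parent, record 5 is garbage.
SAMPLE_RECORDS = [
    r"2025-08-01T09:14:02Z|eng-ws-07|C:\Program Files\Ashlar-Vellum\Cobalt\Cobalt.exe|C:\Windows\System32\cmd.exe|cmd.exe /c set",
    r"2025-08-01T09:14:05Z|eng-ws-07|C:\Windows\explorer.exe|C:\Program Files\Ashlar-Vellum\Cobalt\Cobalt.exe|Cobalt.exe",
    r"2025-08-01T10:31:47Z|eng-ws-12|C:\PROGRAM FILES\ASHLAR-VELLUM\GRAPHITE\GRAPHITE.EXE|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -NoProfile",
    r"2025-08-01T10:32:00Z|eng-ws-12|C:\Windows\explorer.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe",
    "garbled line with no delimiters",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_RECORDS):
        print(f"{a.timestamp} {a.host}: {a.parent} -> {a.child} [{a.command_line}]")
```

Feed the same rule to your SIEM by mapping the five fields onto Sysmon Event ID 1 (ParentImage, Image, CommandLine); the lower-cased basename comparison is what keeps the rule robust to mixed-case paths and non-default install locations.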
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high severity of this vulnerability and its potential for enabling intellectual property theft and further network compromise, immediate action is required. Although this CVE is not currently listed on the CISA KEV catalog, its impact is significant. We strongly recommend that all affected Ashlar-Vellum products be patched to version 12 or newer on an emergency basis. Prioritize patching systems used by engineers and designers who handle sensitive or critical project files.