Cyber Resilience

CVE-2023-39943

High

Published: 04 February 2025

Published
04 February 2025
Modified
16 September 2025
KEV Added
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0013 32.5th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-39943 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Ashlar Cobalt. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 32.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2023-39943 is a vulnerability in Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), where the application fails to properly validate user-supplied data during XE file parsing. This flaw, classified under CWE-787 (Out-of-bounds Write), can result in an out-of-bounds write condition. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

A local attacker can exploit this vulnerability by crafting a malicious XE file and tricking a user into opening it within the affected application, requiring no privileges (PR:N) and low complexity (AC:L), though user interaction is necessary (UI:R). Successful exploitation enables arbitrary code execution in the context of the current process, granting the attacker high levels of control over confidentiality, integrity, and availability.

Mitigation guidance is available in the CISA ICS Advisory ICSA-23-299-03, accessible at https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03.

EU & UK References

Vulnerability details

In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code…

more

in the context of the current process.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Out-of-bounds write in local file parser enables arbitrary code execution when user opens crafted malicious XE file (T1204.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2023-40222Same product: Ashlar Cobalt
CVE-2025-65084Same product: Ashlar Cobalt
CVE-2025-27175Shared CWE-787
CVE-2025-24444Shared CWE-787
CVE-2021-47781Shared CWE-787
CVE-2025-24441Shared CWE-787
CVE-2025-21138Shared CWE-787
CVE-2026-27274Shared CWE-787
CVE-2026-21341Shared CWE-787
CVE-2026-34618Shared CWE-787

Affected Assets

ashlar
cobalt
≤ 12.4.1204.200

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the lack of proper validation of user-supplied data in XE files, preventing out-of-bounds writes during parsing.

prevent

Mandates timely flaw remediation by updating to the patched version v12 SP2 Build (1204.200), eliminating the vulnerability.

prevent

Provides memory protections like DEP and ASLR to mitigate exploitation of out-of-bounds writes for arbitrary code execution.

References