Cyber Resilience

CVE-2023-40222

High

Published: 04 February 2025

Published
04 February 2025
Modified
16 September 2025
KEV Added
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0010 27.5th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-40222 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Ashlar Cobalt. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 27.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2023-40222 is a heap-based buffer overflow vulnerability (CWE-122) in Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200). The issue arises from a lack of proper validation of user-supplied data during the parsing of CO files, which can trigger the overflow. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and was published on 2025-02-04.

A local attacker with no privileges required can exploit this vulnerability by tricking a user into opening a maliciously crafted CO file through the affected application. Successful exploitation allows the attacker to execute arbitrary code in the context of the current process, potentially leading to high confidentiality, integrity, and availability impacts.

The CISA ICS Advisory ICSA-23-299-03, available at https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03, provides details on mitigation strategies for this vulnerability.

EU & UK References

Vulnerability details

In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing CO files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary…

more

code in the context of the current process.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Heap buffer overflow in file parser enables arbitrary code execution when user opens malicious CO file (T1204.002), which is a direct client-side exploitation vector (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2023-39943Same product: Ashlar Cobalt
CVE-2025-65085Same product: Ashlar Cobalt
CVE-2025-21395Shared CWE-122
CVE-2025-35984Shared CWE-122
CVE-2026-34629Shared CWE-122
CVE-2026-6306Shared CWE-122
CVE-2025-21390Shared CWE-122
CVE-2026-21676Shared CWE-122
CVE-2025-24057Shared CWE-122
CVE-2025-27173Shared CWE-122

Affected Assets

ashlar
cobalt
≤ 12.4.1204.200

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly addresses the vulnerability by applying the vendor patch to Ashlar-Vellum Cobalt v12 SP2 Build (1204.200), eliminating the heap-based buffer overflow.

prevent

Memory protection mechanisms such as ASLR and DEP prevent arbitrary code execution even if the heap buffer overflow is triggered by malformed CO files.

prevent

Information input validation enforces checks on user-supplied CO files prior to parsing, mitigating the lack of validation in the affected application.

References