CVE-2021-28595: 
Adobe Dimension vulnerability analysis and mitigation

Adobe Dimension version 3.4 and earlier versions are affected by an Uncontrolled Search Path Element vulnerability. The vulnerability was discovered and reported by hhjjyy and Yongjun Liu of nsfocus security team, with the assigned identifier CVE-2021-28595. The vulnerability was officially recorded on March 16, 2021, affecting Adobe Dimension software on both Windows and macOS platforms (CVE Details).

The vulnerability is classified as an Uncontrolled Search Path Element (CWE-427) issue. It has received a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v2.0 score of 9.3 with the vector (AV:N/AC:M/Au:N/C:C/I:C/A:C) (NVD).

If successfully exploited, this vulnerability could allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. The impact of successful exploitation could result in complete compromise of the affected system's confidentiality, integrity, and availability (NVD).

Adobe has released security patches to address this vulnerability. Users are advised to update to the latest version of Adobe Dimension through the official Adobe security advisory (Adobe Advisory).