CVE-2023-25864: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

Adobe Substance 3D Stager versions 2.0.0 and earlier contain a Heap-based Buffer Overflow vulnerability identified as CVE-2023-25864. The vulnerability was disclosed on March 14, 2023, affecting both Windows and macOS operating systems. This security flaw requires user interaction, specifically opening a malicious file, to be exploited (Adobe Advisory, NVD).

The vulnerability is classified as a Heap-based Buffer Overflow (CWE-122) and Out-of-bounds Write (CWE-787) issue. It received a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This scoring indicates that while local access and user interaction are required, the vulnerability can lead to high impacts across confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The high CVSS score indicates potential severe impacts on system confidentiality, integrity, and availability (Adobe Advisory).

Adobe has released patches to address this vulnerability in their security advisory. Users are advised to update to the latest version of Adobe Substance 3D Stager beyond version 2.0.0 (Adobe Advisory).