CVE-2023-25867: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

Adobe Substance 3D Stager versions 2.0.0 and earlier were identified with an Improper Input Validation vulnerability (CVE-2023-25867). The vulnerability was first recorded on February 15, 2023, and publicly disclosed in March 2023. This security flaw affects Adobe Substance 3D Stager software running on both Windows and macOS operating systems (NVD).

The vulnerability is classified as a Heap-based Buffer Overflow (CWE-122) with a CVSS v3.1 base score of 7.8 (High). The technical vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access vector, low attack complexity, no privileges required, and user interaction required. The vulnerability stems from improper input validation that could lead to arbitrary code execution in the context of the current user (Adobe Advisory).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The high CVSS score of 7.8 indicates significant potential impact on the confidentiality, integrity, and availability of the affected system (NVD).

Adobe has addressed this vulnerability in versions after 2.0.0 of Substance 3D Stager. Users are advised to update to the latest version of the software to mitigate this security risk (NVD).