CVE-2023-25868: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

Adobe Substance 3D Stager versions 2.0.0 and earlier were identified with a critical Heap-based Buffer Overflow vulnerability (CVE-2023-25868). The vulnerability was disclosed on March 14, 2023, affecting both Windows and macOS operating systems. This security flaw requires user interaction, specifically opening a malicious file, to be exploited (Adobe Advisory).

The vulnerability is classified as a Heap-based Buffer Overflow (CWE-122) and Out-of-bounds Write (CWE-787). It received a CVSS v3.1 Base Score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates local access is required, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity, and availability (Adobe Advisory, NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The high CVSS score reflects the severe potential impact on system security, affecting confidentiality, integrity, and availability of the targeted system (Adobe Advisory).

Adobe has released patches to address this vulnerability. Users of Adobe Substance 3D Stager are advised to update their software to the latest version available through the official Adobe distribution channels (Adobe Advisory).