CVE-2023-25870: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

Adobe Substance 3D Stager versions 2.0.0 and earlier contain an out-of-bounds write vulnerability identified as CVE-2023-25870. The vulnerability was disclosed on March 14, 2023, affecting both Windows and macOS operating systems. User interaction is required for exploitation, specifically requiring a victim to open a malicious file (Adobe Advisory, NVD).

The vulnerability is classified as an out-of-bounds write (CWE-787) that could lead to arbitrary code execution in the context of the current user. The severity is rated as HIGH with a CVSS 3.1 base score of 7.8. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running the Adobe Substance 3D Stager application (Adobe Advisory).

Adobe has addressed this vulnerability in an update to Adobe Substance 3D Stager. Users are advised to update their software to a version newer than 2.0.0 to mitigate this security risk (Adobe Advisory).