CVE-2023-25876: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

Adobe Substance 3D Stager versions 2.0.0 and earlier were identified with a security vulnerability tracked as CVE-2023-25876. The vulnerability was discovered and assigned on February 15, 2023, and was publicly disclosed on March 14, 2023. This security flaw affects Adobe Substance 3D Stager software running on both Windows and macOS operating systems (CVE Details).

The vulnerability is classified as an out-of-bounds read vulnerability (CWE-125). It received a CVSS v3.1 Base Score of 5.5 (Medium), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access and user interaction, but no privileges, and can potentially lead to high confidentiality impact without affecting integrity or availability (Adobe Advisory).

The vulnerability could lead to the disclosure of sensitive memory information. More significantly, attackers could potentially leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR). However, successful exploitation requires user interaction, specifically opening a malicious file (NVD).

Adobe has addressed this vulnerability in versions after 2.0.0 of Substance 3D Stager. Users are advised to update to the latest version of the software to mitigate this security risk (Adobe Advisory).