CVE-2023-25878: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

Adobe Substance 3D Stager versions 2.0.0 and earlier were identified with an out-of-bounds read vulnerability. The vulnerability was assigned CVE-2023-25878 and was disclosed on March 14, 2023. This security flaw affects Adobe Substance 3D Stager software running on both Windows and macOS operating systems (Adobe Advisory).

The vulnerability is classified as an out-of-bounds read vulnerability (CWE-125) that could potentially expose sensitive memory information. The CVSS v3.1 base score is 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access and user interaction, has no privileges required, and can lead to high confidentiality impact without affecting integrity or availability (NVD).

The vulnerability could lead to the disclosure of sensitive memory information. More significantly, attackers could potentially leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR). However, successful exploitation requires user interaction, specifically opening a malicious file (CVE).

Adobe has released security updates to address this vulnerability. Users of Adobe Substance 3D Stager should update their software to versions newer than 2.0.0 to mitigate this security risk (Adobe Advisory).