CVE-2023-25880: 
Adobe Dimension vulnerability analysis and mitigation

Adobe Dimension versions 3.4.7 and earlier contain a critical vulnerability identified as CVE-2023-25880. The vulnerability was discovered and reported to Adobe on November 4, 2022, and was publicly disclosed on March 16, 2023. This security flaw affects Adobe Dimension software on both Windows and macOS operating systems (ZDI Advisory, Adobe Advisory).

The vulnerability is classified as an out-of-bounds write vulnerability (CWE-787) that occurs during the parsing of GLTF files. The specific flaw allows for writing data past the end of an allocated buffer when processing crafted GLTF files. The vulnerability has received a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required (ZDI Advisory).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The high CVSS score reflects the potential for complete compromise of system confidentiality, integrity, and availability within the scope of the affected application (Adobe Advisory).

Adobe has released version 3.4.8 of Dimension to address this vulnerability. Users are strongly advised to update to this latest version to mitigate the risk (Adobe Advisory).