CVE-2023-25895: 
Adobe Dimension vulnerability analysis and mitigation

Adobe Dimension versions 3.4.7 and earlier contain a Heap-based Buffer Overflow vulnerability identified as CVE-2023-25895. The vulnerability was discovered and assigned on February 15, 2023, with Adobe releasing an advisory in March 2023. This security flaw affects Adobe Dimension software running on both Windows and macOS operating systems (Adobe Advisory).

The vulnerability is classified as a Heap-based Buffer Overflow (CWE-122) and Out-of-bounds Write (CWE-787) issue. It received a CVSS v3.1 base score of 7.8 (High), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, while potentially impacting confidentiality, integrity, and availability at high levels (NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The impact is considered critical as it could allow an attacker to execute malicious code with the same privileges as the affected user (Adobe Advisory).

Adobe has addressed this vulnerability in Adobe Dimension version 3.4.8. Users are advised to update to this version or later to mitigate the risk (Adobe Advisory).