CVE-2023-25900: 
Adobe Dimension vulnerability analysis and mitigation

Adobe Dimension versions 3.4.7 and earlier contain an out-of-bounds read vulnerability (CVE-2023-25900) that was disclosed on March 28, 2023. The vulnerability affects Adobe Dimension software running on both Windows and macOS operating systems (NVD, Adobe Security).

The vulnerability is characterized as an out-of-bounds read issue that occurs when parsing a crafted file, potentially resulting in reading past the end of an allocated memory structure. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates local access is required, with low attack complexity, no privileges required, and user interaction is necessary (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. The high severity rating indicates potential significant impacts on confidentiality, integrity, and availability of the affected system (NVD).

Adobe has addressed this vulnerability in Adobe Dimension version 3.4.8. Users are advised to update to this version to mitigate the risk (Adobe Security).