CVE-2025-43570: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

A Use After Free vulnerability was discovered in Adobe Substance3D - Stager versions 3.1.1 and earlier. The vulnerability was disclosed on May 13, 2025, and affects both Windows and macOS platforms. The vulnerability requires user interaction, specifically requiring a victim to open a malicious file to trigger the exploitation (NVD, Wiz).

The vulnerability is classified as a Use After Free (CWE-416) issue with a CVSS v3.1 Base Score of 7.8 (HIGH). The CVSS vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H indicates local access vector, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity, and availability (NVD, Wiz).

If successfully exploited, this vulnerability enables attackers to execute arbitrary code in the context of the current user. The impact severity is rated as HIGH, with potential consequences including the ability to install programs, view or modify data, and create new accounts with user rights, depending on the user's privilege level (Wiz).

Adobe has released version updates to address this vulnerability. Users are advised to update their Substance3D - Stager installations to versions newer than 3.1.1. Organizations should apply the stable channel update provided by Adobe to vulnerable systems immediately after appropriate testing (Wiz).