CVE-2025-61802: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

A Use After Free (UAF) vulnerability identified as CVE-2025-61802 was discovered in Adobe Substance 3D Stager versions 3.1.4 and earlier. The vulnerability was disclosed on October 14, 2025, affecting both Windows and macOS operating systems. This security flaw could potentially result in arbitrary code execution in the context of the current user, requiring user interaction through opening a malicious file (NVD, Adobe Security).

The vulnerability is classified as a Use After Free (UAF) memory corruption issue. Adobe has assigned it a CVSS v3.1 base score of 7.8 (HIGH), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The scoring indicates that while local access and user interaction are required, the vulnerability can lead to high impacts on confidentiality, integrity, and availability when successfully exploited (NVD).

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. Depending on the user's privileges, an attacker could potentially install programs, view, change, or delete data, or create new accounts with full user rights (CIS Security).

Adobe has released version 3.1.5 of Substance 3D Stager to address this vulnerability. Users are strongly advised to update to this latest version. The update is available through the regular Adobe update channels (Adobe Security).