CVE-2025-61803: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

CVE-2025-61803 is an Integer Overflow or Wraparound vulnerability affecting Adobe Substance 3D Stager versions 3.1.4 and earlier. The vulnerability was discovered and disclosed on October 14, 2025. The affected systems include both Windows and macOS platforms running Adobe Substance 3D Stager software (NVD).

The vulnerability is classified as an Integer Overflow or Wraparound (CWE-190) with a CVSS v3.1 base score of 7.8 (HIGH). The attack vector is Local (L), with Low attack complexity (L), requiring No privileges (N) and User interaction (R). The scope is Unchanged (U), with High impact on Confidentiality (H), Integrity (H), and Availability (H) (NVD).

Successful exploitation of this vulnerability could result in arbitrary code execution in the context of the current user. If exploited, an attacker could potentially install programs, view, change, or delete data, or create new accounts with full user rights, depending on the user's privileges (CIS Advisory).

Adobe has released version 3.1.5 of Substance 3D Stager to address this vulnerability. Users are advised to update to the latest version immediately after appropriate testing. Organizations should also apply the principle of least privilege and run all software as a non-privileged user to minimize the impact of potential attacks (Adobe Security).