CVE-2025-61805: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

CVE-2025-61805 affects Adobe Substance3D - Stager versions 3.1.4 and earlier. The vulnerability is classified as an out-of-bounds read vulnerability that occurs when parsing a crafted file, which could result in a read past the end of an allocated memory structure. The vulnerability was discovered and disclosed on October 14, 2025, affecting both Windows and macOS operating systems (NVD).

The vulnerability is categorized as an out-of-bounds read (CWE-125) with a CVSS v3.1 base score of 7.8 (HIGH). The attack vector is Local (L), with Low attack complexity (L), requiring No privileges (N) and User interaction (R). The scope is Unchanged (U), with High impact on Confidentiality (H), Integrity (H), and Availability (H) (NVD).

Successful exploitation of this vulnerability could allow an attacker to execute code in the context of the current user. The vulnerability requires user interaction, specifically opening a malicious file. Depending on the user's privileges, an attacker could potentially install programs, view, change, or delete data, or create new accounts with full user rights (CIS Security).

Adobe has released version 3.1.5 of Substance 3D Stager to address this vulnerability. Users are advised to update to the latest version immediately after appropriate testing. Organizations should also apply the principle of least privilege to all systems and services, and run all software as a non-privileged user to diminish the effects of a successful attack (Adobe Security).