CVE-2025-61806: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

CVE-2025-61806 affects Adobe Substance3D - Stager versions 3.1.4 and earlier. The vulnerability is characterized as an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. The vulnerability was discovered and disclosed on October 14, 2025 (NVD).

The vulnerability is classified as an out-of-bounds read (CWE-125) with a CVSS v3.1 base score of 7.8 (HIGH). The attack vector is Local (L), with Low attack complexity (L), requiring No privileges (N), and User interaction (R). The scope is Unchanged (U), with High impacts on Confidentiality (H), Integrity (H), and Availability (H) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute code in the context of the current user. The exploitation requires user interaction, specifically requiring a victim to open a malicious file (NVD).

Adobe has released version 3.1.5 of Substance 3D Stager to address this vulnerability. Users are advised to update to the latest version immediately after appropriate testing (ASEC).