CVE-2025-61807: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

CVE-2025-61807 affects Adobe Substance3D - Stager versions 3.1.4 and earlier. The vulnerability is classified as an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. The vulnerability was discovered and disclosed on October 14, 2025, requiring user interaction where a victim must open a malicious file (NVD).

The vulnerability is categorized as an Integer Overflow or Wraparound (CWE-190) issue. It has received a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, while potentially impacting confidentiality, integrity, and availability at high levels (NVD).

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the logged-on user. If the user has administrative privileges, an attacker could potentially install programs, view, change, or delete data, or create new accounts with full user rights (CIS Advisory).

Adobe has released version 3.1.5 of Substance 3D Stager to address this vulnerability. Users are advised to update to the latest version immediately after appropriate testing. Additionally, it is recommended to apply the principle of least privilege and run all software as a non-privileged user to diminish the effects of a successful attack (Adobe Security).