CVE-2025-61833: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

CVE-2025-61833 is an out-of-bounds read vulnerability affecting Adobe Substance3D - Stager versions 3.1.5 and earlier. The vulnerability was discovered and disclosed on November 11, 2025. The affected software is Adobe's Substance 3D Stager, a tool within the Adobe Substance 3D suite used for creating 3D content (Adobe Advisory, NVD).

The vulnerability is characterized as an out-of-bounds read issue that occurs when parsing a crafted file, which could result in a read past the end of an allocated memory structure. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is tracked under CWE-125 (Out-of-bounds Read) (NVD, ManageEngine).

If successfully exploited, this vulnerability could allow an attacker to execute code in the context of the current user. The impact could be significant, particularly if the affected user has administrative privileges, potentially allowing an attacker to install programs, view or modify data, or create new accounts with full user rights (CIS Advisory).

Adobe has released version 3.1.6 to address this vulnerability. Organizations and users are advised to update to the latest version immediately after appropriate testing. Users should also apply the principle of least privilege and run software as a non-privileged user to minimize the potential impact of successful attacks (Adobe Advisory).