CVE-2025-61835: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

CVE-2025-61835 is an Integer Underflow (Wrap or Wraparound) vulnerability affecting Adobe Substance3D - Stager versions 3.1.5 and earlier. The vulnerability was disclosed on November 11, 2025, and requires user interaction through opening a malicious file to be exploited (NVD).

The vulnerability is classified as CWE-191 (Integer Underflow) with a CVSS v3.1 Base Score of 7.8 (HIGH), and vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates local access is required, with low attack complexity, no privileges required, and user interaction is needed. The impact potential is high across confidentiality, integrity, and availability (NVD).

Successful exploitation of this vulnerability could result in arbitrary code execution in the context of the current user. Depending on the user's privileges, an attacker could potentially install programs, view or modify data, or create new accounts with full user rights (CIS Advisory).

Adobe has released version 3.1.6 to address this vulnerability. Organizations are advised to apply the stable channel update provided by Adobe to vulnerable systems immediately after appropriate testing. It is recommended to run all software as a non-privileged user to diminish the effects of a successful attack (CIS Advisory).