Beware of Malicious Files in Adobe Substance 3D Stager

CVECVE-2023-25870
CVSScvssV3_1: 7.8
SourceCVE-2023-25870

Adobe Substance 3D Stager, a 3D content creation software, is affected by a vulnerability that could allow hackers to execute malicious code on users’ computers.

The vulnerability, tracked as CVE-2023-25870, is an out-of-bounds memory write issue that can be exploited if a victim opens a specially crafted file. This would allow an attacker to run arbitrary code and potentially gain complete control of the affected system.

Adobe Substance 3D Stager versions 2.0.0 and earlier are impacted. By opening a malicious file, hackers could install programs, view, change, or delete data, or create new accounts with full user rights. User interaction is required for exploitation, as the victim would need to open a file received from an untrusted source for the vulnerability to be abused.

To stay protected, users should keep Adobe Substance 3D Stager updated to the latest version. It’s also recommended to exercise caution when opening files from external sources and be wary of email attachments or downloads from untrusted websites. Following basic cyber safety practices like these helps stay one step ahead of online threats.

References