Substance 3d Stager
CVE-2025-61834
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Affected products include: Adobe Substance 3D Stager.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.
More in Substance 3d Stager
View allSubstance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbi
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbi
Arbitrary code execution in Substance 3D Stager 3.1.5 and earlier stems from a use-after-free vulnerability that execute
Arbitrary code execution in Substance 3D Stager 3.1.6 and earlier via an out-of-bounds write vulnerability allows local
Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through a use-after-free memory vulnerability that tri
Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier stems from a use-after-free vulnerability that execute
Code execution in Substance 3D Stager 3.1.6 and earlier through a crafted file that triggers an out-of-bounds memory rea
Substance 3D Stager 3.1.6 and earlier contains an out-of-bounds read vulnerability in file parsing that allows arbitrary
Code execution in Substance 3D Stager 3.1.6 and earlier results from an out-of-bounds read vulnerability in malformed fi
Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered
Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered
Arbitrary code execution in Adobe Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability tha
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today