CVE Alert: CVE-2025-54262 – Adobe – Substance3D – Stager

CVE-2025-54262

HIGH · No exploitation known

Substance3D – Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS v3.1: 7.8 (AV LOCAL · AC LOW · PR NONE · UI REQUIRED · S UNCHANGED)
Vendor: Adobe
Product: Substance3D – Stager
Versions: 3.1.3 and earlier
CWE: CWE-125 (Out-of-bounds Read)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: 2025-09-16T17:23:12.414Z
Updated: 2025-09-16T17:46:44.364Z

AI Summary Analysis

Detection ideas

  • Unusual process creation or memory-access anomalies when opening Substance3D Stager files.
  • Crashes or memory corruption dumps tied to the Stager parsing routine.
  • Suspicious or newly observed file types or crafted files triggering the application.
  • Abnormal user-assisted executions or chains of events following file opens.

Mitigation and prioritisation

  • Apply the latest patch or upgrade to a non-affected version as soon as released; treat as priority 1 if KEV/EPSS indicates active exploitation.
  • Enforce application controls: allowlisting, sandboxing, and restricted file associations for Substance3D Stager.
  • Enable robust EDR/AV monitoring around file parsing and memory regions used by the app; restrict macro/attachment execution and reinforce phishing awareness.
  • Disable auto-opening of external files where feasible; implement MFA/least-privilege for workstation accounts.
  • Coordinate with IT change-management to schedule urgent patching and test in staging before production.

Note: KEV presence and EPSS score are not shown; if either indicates higher exploitation likelihood, elevate urgency accordingly.
