CVE-2023-25863

7.8 HIGH

📋 TL;DR

Adobe Substance 3D Stager has an out-of-bounds read vulnerability when parsing malicious files, which could allow attackers to execute arbitrary code as the current user. This affects users who open crafted files in versions 2.0.0 and earlier. Exploitation requires user interaction through opening a malicious file.

💻 Affected Systems

Products:
  • Adobe Substance 3D Stager
Versions: 2.0.0 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable when opening files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker executing arbitrary code in the context of the logged-in user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Application crash or limited information disclosure due to memory read errors, though code execution is possible with sophisticated exploitation.

🟢 If Mitigated

No impact if users don't open untrusted files or if the application is patched.

🌐 Internet-Facing: LOW - Exploitation requires user interaction with malicious files, not network exposure.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the user to open a malicious file. Memory corruption vulnerabilities can be challenging to weaponize reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.1 and later

Vendor Advisory: https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html

Restart Required: Yes

Instructions:

1. Open Adobe Substance 3D Stager.
2. Go to Help > Check for Updates.
3. Install version 2.0.1 or later.
4. Restart the application.

🔧 Temporary Workarounds

Restrict file opening (Platforms: all)

Only open files from trusted sources and avoid opening unknown .stager files.

Application control (Platforms: all)

Use application whitelisting to restrict execution of Adobe Substance 3D Stager to trusted users.

🧯 If You Can't Patch

  • Implement strict user training about opening only trusted files
  • Use endpoint protection with memory protection features enabled

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Adobe Substance 3D Stager. If version is 2.0.0 or earlier, you are vulnerable.

Check Version:

Not applicable - check via application GUI

Verify Fix Applied:

Verify version is 2.0.1 or later in Help > About.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected file parsing errors

Network Indicators:

  • File downloads of .stager files from untrusted sources

SIEM Query:

EventID=1000 OR EventID=1001 with Adobe Substance 3D Stager in source
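
On a Windows host without a SIEM, the same check can be run locally against the Application log; this is an added example, not part of the original advisory or Adobe's guidance. It assumes the crash events mention the product by the text `Substance 3D Stager` (the executable name is not given on this page, so `$NamePattern` is a hypothetical default to adjust).

```powershell
# Added example: local equivalent of the SIEM query above (Windows only).
# Assumption: the event message contains 'Substance 3D Stager'; change
# $NamePattern to the executable name used in your installation.
param(
    [int]$Days = 7,
    [string]$NamePattern = 'Substance 3D Stager'
)

$filter = @{
    LogName   = 'Application'
    Id        = 1000, 1001          # Application Error / Windows Error Reporting
    StartTime = (Get-Date).AddDays(-$Days)
}

# 0xc0000005 is STATUS_ACCESS_VIOLATION, the exception code behind the
# "memory access violation" crashes listed under Log Indicators.
$accessViolation = 'c0000005'

# Get-WinEvent raises an error when nothing matches, so silence it and
# treat an empty result as "no crashes".
$hits = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($NamePattern) } |
    ForEach-Object {
        [pscustomobject]@{
            TimeCreated     = $_.TimeCreated
            Computer        = $_.MachineName
            EventId         = $_.Id
            AccessViolation = [bool]($_.Message -match $accessViolation)
            Summary         = ($_.Message -split "`r?`n")[0]
        }
    }

if (-not $hits) {
    Write-Output "No matching crash events in the last $Days day(s)."
    return
}

# Full timeline of matching crash events.
$hits | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap | Out-String

# Hosts with access-violation crashes: check which file was opened just
# before each crash and whether the installed version is 2.0.1 or later.
$hits | Where-Object AccessViolation |
    Group-Object Computer |
    Select-Object Name, Count |
    Format-Table -AutoSize | Out-String
```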
