Login Sign Up

CVE-2023-25865

7.8 HIGH
Remote Code Execution

📋 TL;DR

CVE-2023-25865 is an improper input validation vulnerability in Adobe Substance 3D Stager that allows arbitrary code execution when a user opens a malicious file. This affects users of Substance 3D Stager versions 2.0.0 and earlier, requiring user interaction to trigger the exploit.

💻 Affected Systems

Products:
  • Adobe Substance 3D Stager
Versions: 2.0.0 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default when opening files.

📦 What is this software?

Substance 3d Stager by Adobe

View all CVEs affecting Substance 3d Stager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the victim's machine in the context of the current user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠

Likely Case

Local privilege escalation or malware installation through social engineering attacks where users are tricked into opening malicious project files.

🟢

If Mitigated

No impact if users only open trusted files from verified sources and the application is properly patched.

🌐 Internet-Facing: LOW - Exploitation requires user interaction with malicious files, not direct network exposure.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and knowledge of the vulnerability details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.1 and later

Vendor Advisory: https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html

Restart Required: Yes

Instructions:

1. Open Adobe Substance 3D Stager. 2. Go to Help > Check for Updates. 3. Follow prompts to install version 2.0.1 or later. 4. Restart the application.

🔧 Temporary Workarounds

Restrict file opening

all

Only open Substance 3D Stager files from trusted sources and verify file integrity before opening.

Application sandboxing

all

Run Substance 3D Stager in a sandboxed environment to limit potential damage from exploitation.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Use endpoint detection and response (EDR) solutions to monitor for suspicious process creation

🔍 How to Verify

Check if Vulnerable:

Check Adobe Substance 3D Stager version in Help > About. If version is 2.0.0 or earlier, the system is vulnerable.

Check Version:

Not applicable - check via application GUI Help > About menu

Verify Fix Applied:

Verify version is 2.0.1 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process creation from Substance 3D Stager
  • File access patterns showing malicious file opening

Network Indicators:

  • Outbound connections from Substance 3D Stager to suspicious domains

SIEM Query:

Process creation where parent_process contains 'Substance 3D Stager' AND process_name NOT IN ('expected_processes')

📊 Metadata

CVE ID: CVE-2023-25865
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-20
Published: March 27, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-25865, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)
CVE-2023-42802 10.0

This critical vulnerability in GLPI allows attackers to upload malicious PHP files to unauthorized d...

Same vulnerability type (CWE-20)