CVE-2023-25871 – CVE-2023-25871 is a use-after-free vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2023-25871?

CVE-2023-25871 has a CVSS score of 7.8 (HIGH). CVE-2023-25871 is a use-after-free vulnerability in Adobe Substance 3D Stager that could allow arbitrary code execution when a user opens a malicious file. This affects users of Substance 3D Stager versions 2.0.0 and earlier, requiring user interaction through file opening to trigger exploitation.

📋 TL;DR

CVE-2023-25871 is a use-after-free vulnerability in Adobe Substance 3D Stager that could allow arbitrary code execution when a user opens a malicious file. This affects users of Substance 3D Stager versions 2.0.0 and earlier, requiring user interaction through file opening to trigger exploitation.

💻 Affected Systems

Products:

Adobe Substance 3D Stager

Versions: 2.0.0 and earlier

Operating Systems: Windows, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of affected versions are vulnerable by default. No special configuration required for exploitation.

📦 What is this software?

Substance 3d Stager by Adobe

View all CVEs affecting Substance 3d Stager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation leading to data exfiltration or malware installation on the affected workstation.

🟢

If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially resulting in application crash only.

🌐 Internet-Facing: LOW - Exploitation requires user interaction with malicious files, not directly accessible via network protocols.

🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or malicious file shares, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and knowledge of memory corruption techniques. No public exploits confirmed as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.1 and later

Vendor Advisory: https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html

Restart Required: Yes

Instructions:

1. Open Adobe Substance 3D Stager. 2. Navigate to Help > Check for Updates. 3. Follow prompts to install version 2.0.1 or later. 4. Restart the application after installation completes.

🔧 Temporary Workarounds

Restrict file opening

all

Prevent users from opening untrusted Substance 3D Stager files

Application sandboxing

all

Run Substance 3D Stager in restricted execution environment

🧯 If You Can't Patch

Implement application control policies to restrict execution of Substance 3D Stager to trusted users only
Deploy endpoint detection and response (EDR) solutions to monitor for suspicious file opening behavior

🔍 How to Verify

Check if Vulnerable:

Check Adobe Substance 3D Stager version via Help > About. If version is 2.0.0 or earlier, system is vulnerable.

Check Version:

Not applicable - use GUI Help > About menu in application

Verify Fix Applied:

Verify version is 2.0.1 or later via Help > About menu.

📡 Detection & Monitoring

Log Indicators:

Application crash logs from Substance 3D Stager
Unexpected process creation from Substance 3D Stager

Network Indicators:

Outbound connections from Substance 3D Stager to unexpected destinations

SIEM Query:

process_name:"Substance 3D Stager.exe" AND (event_type:crash OR parent_process:unexpected)

📊 Metadata

CVE ID: CVE-2023-25871

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: March 27, 2023

Last Updated: November 21, 2024

🔗 References

https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html Patch,Vendor Advisory
https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-25871, you might also want to check these: