CVE-2025-61805
📋 TL;DR
CVE-2025-61805 is an out-of-bounds read vulnerability in Substance3D Stager that could allow arbitrary code execution when a user opens a malicious file. Attackers could exploit this to run code with the victim's privileges. Users of Substance3D Stager versions 3.1.4 and earlier are affected.
💻 Affected Systems
- Adobe Substance3D Stager
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Local privilege escalation or arbitrary code execution within the user's context, allowing file system access and potential credential harvesting.
If Mitigated
Application crash or denial of service if memory protections prevent successful exploitation.
🎯 Exploit Status
Exploitation requires user interaction to open a crafted malicious file. The vulnerability is in file parsing logic.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.1.5 or later
Vendor Advisory: https://helpx.adobe.com/security/products/substance3d_stager/apsb25-104.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application.
2. Navigate to Apps > Updates.
3. Find Substance3D Stager and click Update.
4. Restart the application after installation completes.
🔧 Temporary Workarounds
Restrict file opening
Only open Substance3D Stager files from trusted sources and avoid opening unknown .sbsar or other supported file formats.
Application sandboxing
Run Substance3D Stager in a sandboxed environment or virtual machine to limit potential damage from exploitation.
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of unauthorized code
- Use endpoint detection and response (EDR) solutions to monitor for suspicious process creation
🔍 How to Verify
Check if Vulnerable:
Check Substance3D Stager version in Help > About or via Adobe Creative Cloud app. Versions 3.1.4 or earlier are vulnerable.
Check Version:
On Windows: Check via Adobe Creative Cloud app or registry at HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Substance3D Stager. On macOS: Check via Adobe Creative Cloud app or application info.
Verify Fix Applied:
Confirm version is 3.1.5 or later in Help > About menu.
📡 Detection & Monitoring
Log Indicators:
- Application crashes with memory access violations
- Unexpected process creation from Substance3D Stager
Network Indicators:
- Unusual outbound connections following file opening in Substance3D Stager
SIEM Query:
Process creation where parent_process contains 'Stager' AND (process contains 'cmd.exe' OR process contains 'powershell.exe' OR process contains suspicious binaries)
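The SIEM query above, expressed as detection logic over process-creation events. This is an added example, not vendor or advisory code; the event field names (parent_image, image), the extra_children parameter and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Child process names taken from the query above; callers can add more.
SHELL_CHILDREN = {"cmd.exe", "powershell.exe"}


def basename_lower(image_path):
    """Return the lower-cased executable name from a Windows path."""
    return ntpath.basename(image_path or "").lower()


def suspicious_stager_children(events, extra_children=()):
    """Return events where a Stager process spawned a watched binary.

    Each event is a dict with the hypothetical keys 'parent_image' and
    'image' (full paths), as a process-creation log source would supply.
    Matching is case-insensitive and done on the executable name only,
    so a shell launched from an unrelated parent is not flagged.
    """
    watched = SHELL_CHILDREN | {name.lower() for name in extra_children}
    hits = []
    for event in events:
        parent = basename_lower(event.get("parent_image"))
        child = basename_lower(event.get("image"))
        if "stager" in parent and child in watched:
            hits.append(event)
    return hits


# Constructed sample events (placeholder paths, not real telemetry).
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Apps\Stager\Stager.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"parent_image": r"C:\Apps\Stager\Stager.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.EXE"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"parent_image": r"C:\Apps\Stager\Stager.exe",
     "image": r"C:\Apps\Stager\CrashHelper.exe"},
    {"parent_image": None, "image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for hit in suspicious_stager_children(SAMPLE_EVENTS):
        print("ALERT:", hit["parent_image"], "->", hit["image"])
```

Pass site-specific binary names through extra_children to cover the query's "suspicious binaries" clause.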