CVE-2025-54237
BaseFortify
Publication date: 2025-09-16
Last updated on: 2025-09-18
Assigner: Adobe Systems Incorporated
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | substance_3d_stager | to 3.1.4 (exc) |
| apple | macos | * |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can lead to disclosure of sensitive information from the affected system. Since it requires user interaction (opening a malicious file), an attacker could trick a user into opening such a file to gain access to confidential data stored in memory.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid opening files from untrusted sources that could be malicious. Additionally, update Substance3D - Stager to a version later than 3.1.3 where this vulnerability is fixed.
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read in Substance3D - Stager versions 3.1.3 and earlier. It allows an attacker to read memory outside the intended boundaries, which can lead to exposure of sensitive information. Exploiting this vulnerability requires the victim to open a malicious file.