CVE-2025-21128

High

Published: 14 January 2025

Published

14 January 2025

Modified

17 January 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0018 38.6th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21128 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Adobe Substance 3D Stager. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 38.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Flaw remediation requires timely patching of Substance3D Stager to fix the stack-based buffer overflow vulnerability and prevent arbitrary code execution.

SI-16 Memory Protection good match

prevent

Memory protection implements safeguards like ASLR, DEP, and stack canaries to block exploitation of the stack-based buffer overflow for arbitrary code execution.

SI-3 Malicious Code Protection partial match

preventdetect

Malicious code protection scans potentially malicious files before opening, mitigating user-interaction-based exploitation of the buffer overflow vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

Buffer overflow in file-processing app enables arbitrary code execution upon opening a crafted malicious file, directly mapping to T1204.002.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim…

must open a malicious file.

Deeper analysisAI

CVE-2025-21128 is a stack-based buffer overflow vulnerability (CWE-121, CWE-787) affecting Adobe Substance3D Stager versions 3.0.4 and earlier. The flaw occurs when processing malicious files, potentially leading to arbitrary code execution in the context of the current user.

Exploitation requires local access (AV:L) with low complexity (AC:L) and no privileges (PR:N), but user interaction (UI:R) is necessary, as a victim must open a specially crafted malicious file. Successful exploitation grants the attacker high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) without scope change (S:U), resulting in a CVSS v3.1 base score of 7.8.

Adobe Security Bulletin APSB25-03 provides details on the vulnerability and mitigation, available at https://helpx.adobe.com/security/products/substance3d_stager/apsb25-03.html.

Details

CWE(s): CWE-121 CWE-787

Affected Products

adobe

substance 3d stager

≤ 3.1.0

CVEs Like This One

CVE-2026-21341Same product: Adobe Substance 3D Stager

CVE-2026-27274Same product: Adobe Substance 3D Stager

CVE-2025-21132Same product: Adobe Substance 3D Stager

CVE-2026-27279Same product: Adobe Substance 3D Stager

CVE-2026-21345Same product: Adobe Substance 3D Stager

CVE-2025-21131Same product: Adobe Substance 3D Stager

CVE-2026-27273Same product: Adobe Substance 3D Stager

CVE-2026-27275Same product: Adobe Substance 3D Stager

CVE-2025-21130Same product: Adobe Substance 3D Stager

CVE-2026-21343Same product: Adobe Substance 3D Stager

References

https://helpx.adobe.com/security/products/substance3d_stager/apsb25-03.html
Vendor Advisory · psirt@adobe.com