March 9, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
RedLine Stealer – Active IOCs
January 22, 2025Rhadamanthys Stealer – Active IOCs
January 22, 2025RedLine Stealer – Active IOCs
January 22, 2025Rhadamanthys Stealer – Active IOCs
January 22, 2025
Severity
High
Analysis Summary
CVE-2025-21132 CVSS:7.8
Adobe Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-21129 CVSS:7.8
Adobe Substance3D - Stager versions 3.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-21130 CVSS:7.8
Adobe Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-21131 CVSS:7.8
Adobe Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-21128 CVSS:7.8
Adobe Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-21122 CVSS:7.8
Adobe Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-21127 CVSS:7.8
Adobe Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. Exploitation of this issue requires user interaction in that a victim must run the vulnerable application.
Impact
- Code Execution
- Buffer Overflow
Indicators of Compromise
CVE
CVE-2025-21132
CVE-2025-21129
CVE-2025-21130
CVE-2025-21131
CVE-2025-21128
CVE-2025-21122
CVE-2025-21127
Affected Vendors
Adobe
Affected Products
- Adobe Substance3D - Stager 3.0.4
- Adobe Photoshop Desktop 25.12
- Adobe Photoshop Desktop 26.1
Remediation
Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.