Request a Demo
Rewterz
RedLine Stealer – Active IOCs
January 22, 2025
Rewterz
Rhadamanthys Stealer – Active IOCs
January 22, 2025

Multiple Adobe Substance3D and Adobe Photoshop Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-21132 CVSS:7.8

Adobe Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-21129 CVSS:7.8

Adobe Substance3D - Stager versions 3.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-21130 CVSS:7.8

Adobe Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-21131 CVSS:7.8

Adobe Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-21128 CVSS:7.8

Adobe Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-21122 CVSS:7.8

Adobe Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-21127 CVSS:7.8

Adobe Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. Exploitation of this issue requires user interaction in that a victim must run the vulnerable application.

Impact

  • Code Execution
  • Buffer Overflow

Indicators of Compromise

CVE

  • CVE-2025-21132

  • CVE-2025-21129

  • CVE-2025-21130

  • CVE-2025-21131

  • CVE-2025-21128

  • CVE-2025-21122

  • CVE-2025-21127

Affected Vendors

Adobe

Affected Products

  • Adobe Substance3D - Stager 3.0.4
  • Adobe Photoshop Desktop 25.12
  • Adobe Photoshop Desktop 26.1

Remediation

Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.

Adobe Substance3D - Stager

Adobe Photoshop Desktop