CVE-2025-21131

Name of the Vulnerable Software and Affected Versions Substance3D - Stager versions 3.0.4 and earlier

Description The issue is related to an out-of-bounds write vulnerability in the Substance 3D Stager software. This vulnerability can be exploited to execute arbitrary code in the context of the current user by using a specially crafted malicious file. Exploitation requires user interaction, as the victim must open the malicious file.

Recommendations For Substance3D - Stager versions 3.0.4 and earlier, consider avoiding the use of potentially malicious files until a patch is available. As a temporary workaround, restrict the opening of files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.