Analysis Summary

CVE-2025-27181 CVSS:7.8

Adobe Substance3D - Modeler affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-27180 CVSS:5.5

Adobe Substance3D - Modeler affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-27173 CVSS:7.8

Adobe Substance3D - Modeler affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-21170 CVSS:5.5

Adobe Substance3D - Modeler affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-24439 CVSS:7.8

Adobe Substance3D - Sampler affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-24440 CVSS:7.8

Adobe Substance3D - Sampler affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-24441 CVSS:7.8

Adobe Substance3D - Sampler affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-24442 CVSS:7.8

Adobe Substance3D - Sampler affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-24443 CVSS:7.8

Adobe Substance3D - Sampler affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-24444 CVSS:7.8

Adobe Substance3D - Sampler affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-24445 CVSS:7.8

Adobe Substance3D - Sampler affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Impact

• Denial of Service
• Code Execution
• Security Bypass
• Buffer Overflow
• Information Disclosure

Indicators of Compromise

CVE

• CVE-2025-27181

• CVE-2025-27180

• CVE-2025-27173

• CVE-2025-21170

• CVE-2025-24439

• CVE-2025-24440

• CVE-2025-24441

• CVE-2025-24442

• CVE-2025-24443

• CVE-2025-24444

• CVE-2025-24445

Affected Vendors

Affected Products

• Adobe Substance3D Modeler 1.15.0
• Adobe Substance3D Sampler 4.5.2

Remediation

Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.

Adobe Substance3D Modeler

Adobe Substance3D Sampler