Severity
High
Analysis Summary
CVE-2025-27181 CVSS:7.8
Adobe Substance3D - Modeler affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27180 CVSS:5.5
Adobe Substance3D - Modeler affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27173 CVSS:7.8
Adobe Substance3D - Modeler affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-21170 CVSS:5.5
Adobe Substance3D - Modeler affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-24439 CVSS:7.8
Adobe Substance3D - Sampler affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-24440 CVSS:7.8
Adobe Substance3D - Sampler affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-24441 CVSS:7.8
Adobe Substance3D - Sampler affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-24442 CVSS:7.8
Adobe Substance3D - Sampler affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-24443 CVSS:7.8
Adobe Substance3D - Sampler affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-24444 CVSS:7.8
Adobe Substance3D - Sampler affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-24445 CVSS:7.8
Adobe Substance3D - Sampler affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Impact
- Denial of Service
- Code Execution
- Security Bypass
- Buffer Overflow
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-27181
CVE-2025-27180
CVE-2025-27173
CVE-2025-21170
CVE-2025-24439
CVE-2025-24440
CVE-2025-24441
CVE-2025-24442
CVE-2025-24443
CVE-2025-24444
CVE-2025-24445
Affected Vendors
Affected Products
- Adobe Substance3D Modeler 1.15.0
- Adobe Substance3D Sampler 4.5.2
Remediation
Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.