← Back

CVE-2025-43553

nvd nist
Published: May 13, 2025Modified: May 19, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: psirt@adobe.com (Secondary)

Description

Substance3D - Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. If the application relies on a search path to locate critical resources such as libraries or executables, an attacker could manipulate the search path to load a malicious resource, potentially executing arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected (1)

Adobe
1 product
Substance 3d Modeler
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Substance 3d Modeler
Before 1.22.0

Related CWEs

CWE-427
Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (1)

Source: psirt@adobe.com
Vendor Advisory

Timeline

No history available yet.