Uncontrolled Search Path Element Vulnerability in Adobe Substance3D Modeler
CVE-2025-43553

7.8HIGH

Key Information:

Vendor: Adobe
Status: Substance3d - Modeler
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-43553?

The Substance3D Modeler application from Adobe contains an Uncontrolled Search Path Element vulnerability that could allow an attacker to execute arbitrary code on the affected system. This issue arises when the application utilizes a search path to identify essential resources such as libraries or executables. If the path is manipulated by an attacker, they may load harmful resources, resulting in code execution within the context of the current user. The exploitation of this vulnerability necessitates user interaction, as the victim must open a malicious file. To learn more about this security issue, please refer to Adobe's official advisory.

Affected Version(s)

Substance3D - Modeler 0 <= 1.21.0

References

https://helpx.adobe.com/security/products/substance3d-mod...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Apr 16, 2025