Out-of-Bounds Read Vulnerability in Substance3D Modeler by Adobe
CVE-2025-54276

7.8HIGH

Key Information:

Vendor: Adobe
Status: Substance3d - Modeler
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-54276?

Adobe Substance3D Modeler versions 1.22.3 and earlier contain an out-of-bounds read vulnerability, which could be triggered when parsing specially crafted files. This flaw may lead to unauthorized access and potential code execution in the context of the user who opened the malicious file. Successful exploitation necessitates user interaction, as the victim must open the crafted file to trigger the vulnerability.

Affected Version(s)

Substance3D - Modeler 0 <= 1.22.3

References

https://helpx.adobe.com/security/products/substance3d-mod...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Jul 17, 2025

JSON