CVE-2025-43553Uncontrolled Search Path Element in Adobe Substance 3D Modeler

CWE-427Uncontrolled Search Path Element3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 69.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe Substance 3D ModelerAdobe Substance3d Modeler
Timeline
PublishedMay 13

Description

Substance3D - Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. If the application relies on a search path to locate critical resources such as libraries or executables, an attacker could manipulate the search path to load a malicious resource, potentially executing arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a m

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5adobe/substance3d_modeler1.21.0

🔴Vulnerability Details

2
CVEList
Substance3D - Modeler | Uncontrolled Search Path Element (CWE-427)2025-05-13
GHSA
GHSA-c8cj-99cw-rwf2: Substance3D - Modeler versions 12025-05-13
CVE-2025-43553 — Uncontrolled Search Path Element | cvebase