CVE-2025-49571

CWE-4273 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 91.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe Substance 3D ModelerAdobe Substance3d - Modeler
Timeline
PublishedAug 12

Description

Substance3D - Modeler versions 1.22.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses an uncontrolled search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5adobe/substance3d_-_modeler1.22.0

🔴Vulnerability Details

2
CVEList
Substance3D - Modeler | Uncontrolled Search Path Element (CWE-427)2025-08-12
GHSA
GHSA-vpqm-gwg6-v658: Substance3D - Modeler versions 12025-08-12
CVE-2025-49571 (HIGH CVSS 7.8) | Substance3D - Modeler versions 1.22 | cvebase.io