CVE-2025-54258

CWE-416 — Use After Free3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 87.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Substance 3D Modeler Adobe Substance3d - Modeler

Timeline

PublishedSep 9

Latest updateSep 10

Description

Substance3D - Modeler versions 1.22.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDadobe/substance_3d_modeler< 1.22.4

▶CVEListV5adobe/substance3d_-_modeler1.22.2

🔴Vulnerability Details

GHSA

GHSA-c7vf-6ch7-mwvj: Substance3D - Modeler versions 1↗2025-09-10

▶

CVEList

Substance3D - Modeler | Use After Free (CWE-416)↗2025-09-09

▶