CVE-2025-49571 Information
Aug 13, 2025
cve
Description
Substance3D - Modeler versions 1.22.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses an uncontrolled search path to locate critical resources such as programs an attacker could modify that search path to point to a malicious program which the targeted application would then execute. Exploitation of this issue does not require user interaction.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
https://helpx.adobe.com/security/products/substance3d-modeler/apsb25-76.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.8
Related CNNVD
CNNVD-202508-1274 (Published: 2025-08-12)
Share on: