Adobe Substance 3d Modeler
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Adobe Substance 3d Modeler.
By the Year
In 2025 there have been 21 vulnerabilities in Adobe Substance 3d Modeler with an average score of 6.5 out of ten. Last year, in 2024 Substance 3d Modeler had 9 security vulnerabilities published. That is, 12 more vulnerabilities have already been reported in 2025 as compared to last year. Last year, the average CVE base score was greater by 0.29
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 21 | 6.49 |
| 2024 | 9 | 6.78 |
It may take a day or so for new Substance 3d Modeler vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Adobe Substance 3d Modeler Security Vulnerabilities
Substance3D Modeler OOB Read <=1.22.3 allows RCE via crafted file
CVE-2025-54276
7.8 - High
- October 14, 2025
Substance3D - Modeler versions 1.22.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Modeler 1.22.2 and below: Int Overfl. => code exec
CVE-2025-54259
7.8 - High
- September 09, 2025
Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged.
Integer Overflow or Wraparound
ORDB_READ in Substance3D Modeler <=1.22.0 leading to memory disclosure
CVE-2025-54204
5.5 - Medium
- August 12, 2025
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Modeler 1.22.0 OOBW (user interaction)
CVE-2025-49573
7.8 - High
- August 12, 2025
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Allegorithmic Substance3D Modeler 1.22 OOB Read
CVE-2025-54186
5.5 - Medium
- August 12, 2025
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
OOB Read in Substance3D Modeler 1.22.0 (pre) – Data Disclosure
CVE-2025-54197
5.5 - Medium
- August 12, 2025
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Modeler <=1.22 OOB Read Memory Disclosure
CVE-2025-54199
5.5 - Medium
- August 12, 2025
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Modeler OOB Read V<=1.22.0 (CVE-2025-54200)
CVE-2025-54200
5.5 - Medium
- August 12, 2025
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Modeler OOB Read Memory Disclosure <=1.22.0
CVE-2025-54201
5.5 - Medium
- August 12, 2025
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Modeler <1.22.0 OOB Read Memory Disclosure
CVE-2025-54202
5.5 - Medium
- August 12, 2025
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
OOB Read in Substance3D Modeler <1.22.0 leads to Info Disclosure
CVE-2025-54203
5.5 - Medium
- August 12, 2025
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Modeler 1.22.0 and earlier OOB Read leads to memory disclosure
CVE-2025-54235
5.5 - Medium
- August 12, 2025
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
CVE-2025-49572 Substance3D Modeler 1.22.0-OR-OLDER OOB Write R (UI)
CVE-2025-49572
7.8 - High
- August 12, 2025
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance 3D Modeler 1.22.0 RCE via Uncontrolled Search Path
CVE-2025-49571
7.8 - High
- August 12, 2025
Substance3D - Modeler versions 1.22.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses an uncontrolled search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.
DLL preloading
OOB Read in Substance3D Modeler <=1.22.0 Disclosure
CVE-2025-54198
5.5 - Medium
- August 12, 2025
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Uncontrolled Search Path in Substance3D Modeler <=1.21.0 (Arbitrary Code Exec)
CVE-2025-43553
7.8 - High
- May 13, 2025
Substance3D - Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. If the application relies on a search path to locate critical resources such as libraries or executables, an attacker could manipulate the search path to load a malicious resource, potentially executing arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
DLL preloading
OOB write in Substance3D Modeler <=1.21.0
CVE-2025-43554
7.8 - High
- May 13, 2025
Substance3D - Modeler versions 1.21.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Modeler 1.15.0 or earlier: Heap Buffer Overflow CVE-2025-27173
CVE-2025-27173
7.8 - High
- March 11, 2025
Substance3D - Modeler versions 1.15.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Substance3D Modeler OOB Read Vulnerability before 1.15.0
CVE-2025-27180
5.5 - Medium
- March 11, 2025
Substance3D - Modeler versions 1.15.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
UAF in Substance3D Modeler <=1.15.0 Allows Arbitrary Code Exec
CVE-2025-27181
7.8 - High
- March 11, 2025
Substance3D - Modeler versions 1.15.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Substance 3D Modeler <=1.15.0 NULL PPtr D Ref Crash DoS
CVE-2025-21170
5.5 - Medium
- March 11, 2025
Substance3D - Modeler versions 1.15.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Substance3D Modeler Out-of-Bounds Read Vulnerability
CVE-2024-53005
5.5 - Medium
- December 10, 2024
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Modeler NULL Pointer Dereference Denial-of-Service Vulnerability
CVE-2024-52833
5.5 - Medium
- December 10, 2024
Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Substance3D Modeler NULL Pointer Dereference Denial-of-Service Vulnerability
CVE-2024-53006
5.5 - Medium
- December 10, 2024
Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Substance3D Modeler Heap-based Buffer Overflow Vulnerability
CVE-2024-52999
7.8 - High
- December 10, 2024
Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Modeler Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-53000
7.8 - High
- December 10, 2024
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Modeler Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-53001
7.8 - High
- December 10, 2024
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Modeler Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-53002
7.8 - High
- December 10, 2024
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Modeler Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-53003
7.8 - High
- December 10, 2024
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Modeler Out-of-Bounds Read Vulnerability
CVE-2024-53004
5.5 - Medium
- December 10, 2024
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Adobe Substance 3d Modeler or by Adobe? Click the Watch button to subscribe.
