CVE-2025-49571
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-13
Assigner: Adobe Systems Incorporated
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | substance_3d_modeler | to 1.22.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Uncontrolled Search Path Element issue in Substance3D - Modeler versions 1.22.0 and earlier. It occurs when the application uses an uncontrolled search path to locate critical resources like programs. An attacker can modify this search path to point to a malicious program, which the application would then execute in the context of the current user. This can happen without any user interaction.
How can this vulnerability impact me? :
The vulnerability can lead to arbitrary code execution with the privileges of the current user. This means an attacker could run malicious code on your system, potentially leading to data theft, system compromise, or further attacks.