First published: Tue Mar 11 2025(Updated: )
Substance3D - Modeler versions 1.15.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Substance 3D Modeler | <1.15.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-27180 is classified as a medium severity vulnerability due to its potential to lead to sensitive memory disclosure.
To mitigate CVE-2025-27180, upgrade Substance 3D Modeler to version 1.15.1 or later.
CVE-2025-27180 is an out-of-bounds read vulnerability that may allow attackers to disclose sensitive information.
CVE-2025-27180 affects users of Substance 3D Modeler versions 1.15.0 and earlier.
Exploitation of CVE-2025-27180 could allow an attacker to bypass mitigations such as Address Space Layout Randomization (ASLR).