CVE-2024-20725: 
Adobe Substance 3D Painter vulnerability analysis and mitigation

CVE-2024-20725 affects Adobe Substance3D - Painter versions 9.1.1 and earlier. This vulnerability is an out-of-bounds read issue that could potentially expose sensitive memory information. The vulnerability was discovered and disclosed in February 2024, with Adobe Systems Incorporated serving as the assigning CNA (CVE Details).

The vulnerability is classified as an out-of-bounds read (CWE-125) with a CVSS v3.1 base score of 5.5 (Medium). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring no privileges (PR:N) but needs user interaction (UI:R). The scope is unchanged (S:U), with high confidentiality impact (C:H) but no impact on integrity (I:N) or availability (A:N) (NVD).

If successfully exploited, this vulnerability could lead to the disclosure of sensitive memory information. Additionally, attackers could potentially leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR) (Adobe Advisory).

Adobe has released updates to address this vulnerability. Users are advised to update their Adobe Substance3D Painter installations to versions newer than 9.1.1 (Adobe Advisory).