CVE-2025-24445: 
Adobe Substance 3D Sampler vulnerability analysis and mitigation

Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability. The vulnerability was disclosed on March 11, 2025, and was assigned CVE-2025-24445. This security flaw affects Adobe's Substance3D Sampler software, requiring user interaction through opening a malicious file to be exploited (NVD CVE).

The vulnerability is classified as an out-of-bounds write (CWE-787) issue. According to the CVSS 3.1 scoring, it has received a base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that while local access is required, the vulnerability requires low attack complexity and no privileges, though it does need user interaction (NVD CVE).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The high CVSS score indicates severe potential impacts on confidentiality, integrity, and availability of the affected system (NVD CVE).

Adobe has released a security update to address this vulnerability. Users of affected systems are advised to update to versions newer than 4.5.2 of Substance3D Sampler (ASEC Advisory).