Vulnerability DatabaseCVE-2025-27172

CVE-2025-27172:
Adobe Substance 3D Designer vulnerability analysis and mitigation

Overview

Adobe Substance3D Designer versions 14.1 and earlier contain an out-of-bounds write vulnerability that was disclosed on March 11, 2025. The vulnerability affects the Adobe Substance 3D Designer software suite, which is a professional 3D design tool (NVD CVE, Adobe Security).

Technical details

The vulnerability is classified as an out-of-bounds write vulnerability (CWE-787) that could lead to arbitrary code execution in the context of the current user. The vulnerability has received a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required (NVD CVE).

Impact

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user, potentially allowing an attacker to execute malicious code with the same privileges as the affected application (NVD CVE).

Mitigation and workarounds

Adobe has released version 14.1.1 of Substance 3D Designer to address this vulnerability. Users are advised to update to this latest version to mitigate the risk (ASEC Advisory).

Additional resources

Source: This report was generated using AI

Related Adobe Substance 3D Designer vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-21166	HIGH	7.8	Adobe Substance 3D Designer	cpe:2.3:a:adobe:substance_3d_designer	No	Yes	Jul 08, 2025
CVE-2025-21165	HIGH	7.8	Adobe Substance 3D Designer	cpe:2.3:a:adobe:substance_3d_designer	No	Yes	Jul 08, 2025
CVE-2025-21164	HIGH	7.8	Adobe Substance 3D Designer	cpe:2.3:a:adobe:substance_3d_designer	No	Yes	Jul 08, 2025
CVE-2025-21168	MEDIUM	5.5	Adobe Substance 3D Designer	cpe:2.3:a:adobe:substance_3d_designer	No	Yes	Jul 08, 2025
CVE-2025-21167	MEDIUM	5.5	Adobe Substance 3D Designer	cpe:2.3:a:adobe:substance_3d_designer	No	Yes	Jul 08, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2025-27172: Adobe Substance 3D Designer vulnerability analysis and mitigation