CVE-2025-43588: 
Adobe Substance 3D Sampler vulnerability analysis and mitigation

Substance3D - Sampler versions 5.0 and earlier are affected by an out-of-bounds write vulnerability that was discovered and disclosed in June 2025. The vulnerability has been assigned a CVSS score of 7.8 (High) by Adobe Systems Incorporated. This security flaw affects Adobe's Substance 3D Sampler application and requires user interaction through opening a malicious file to be exploited (NVD, Wiz).

The vulnerability is classified as an out-of-bounds write (CWE-787) issue with a CVSS v3.1 base score of 7.8 (High). The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, user interaction required, and high impacts on confidentiality, integrity, and availability (NVD).

If successfully exploited, the vulnerability enables arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running the Substance3D Sampler application (Wiz).

Adobe has released security updates to address this vulnerability. Users are advised to update their Substance3D Sampler installations to versions newer than 5.0 to protect against potential exploitation (Wiz).

The vulnerability was disclosed as part of Adobe's June 2025 security update, which addressed a total of 254 security flaws across various products. While this vulnerability was rated as high severity, it was part of a larger security update package from Adobe (Hacker News).