CVE-2025-54195: 
Adobe Substance 3D Painter vulnerability analysis and mitigation

CVE-2025-54195 is an out-of-bounds read vulnerability affecting Adobe Substance 3D Painter versions 11.0.2 and earlier. The vulnerability was disclosed on August 12, 2025, and could potentially lead to disclosure of sensitive memory. The vulnerability specifically affects Adobe's 3D texturing and material application software (NVD).

The vulnerability is classified as an out-of-bounds read issue with a CVSS v3.1 Base Score of 5.5 (Medium). The vulnerability has the following CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating Local attack vector, Low attack complexity, No privileges required, User interaction required, Unchanged scope, High confidentiality impact, and No impact on integrity or availability. The vulnerability is tracked under CWE-125 (Out-of-bounds Read) (NVD).

The vulnerability could lead to the disclosure of sensitive memory information. The impact is primarily focused on confidentiality, with potential exposure of sensitive data if successfully exploited. The vulnerability requires user interaction, specifically opening a malicious file, to be exploited (CIS Advisory).

Adobe has addressed this vulnerability in versions after 11.0.2 of Substance 3D Painter. Users are advised to update to the latest version of the software. Organizations should also implement the principle of least privilege and ensure that user accounts have appropriate permissions (Adobe Advisory).