Multiple vulnerabilities in Adobe Substance 3D Sampler
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2025-24439 CVE-2025-24440 CVE-2025-24441 CVE-2025-24442 CVE-2025-24443 CVE-2025-24444 CVE-2025-24445 |
| CWE-ID | CWE-122 CWE-787 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Adobe Substance 3D Sampler Client/Desktop applications / Multimedia software |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU105585
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-24439
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Substance 3D Sampler: 2.0 - 4.5.2
CPE2.3- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.2:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU105587
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-24440
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Substance 3D Sampler: 2.0 - 4.5.2
CPE2.3- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.2:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds write
EUVDB-ID: #VU105588
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-24441
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Substance 3D Sampler: 2.0 - 4.5.2
CPE2.3- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.2:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU105589
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-24442
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Substance 3D Sampler: 2.0 - 4.5.2
CPE2.3- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.2:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Heap-based buffer overflow
EUVDB-ID: #VU105586
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-24443
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Substance 3D Sampler: 2.0 - 4.5.2
CPE2.3- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.2:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds write
EUVDB-ID: #VU105590
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-24444
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Substance 3D Sampler: 2.0 - 4.5.2
CPE2.3- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.2:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds write
EUVDB-ID: #VU105591
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-24445
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Substance 3D Sampler: 2.0 - 4.5.2
CPE2.3- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_substance_3d_sampler:2.2:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
