Skip to main content

Substance 3d Stager CVE-2025-27165

| EUVDEUVD-2025-20692 MEDIUM
Out-of-bounds Read (CWE-125)
2025-07-08 psirt@adobe.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 04:21 euvd
EUVD-2025-20692
Analysis Generated
Mar 16, 2026 - 04:21 vuln.today
CVE Published
Jul 08, 2025 - 22:15 nvd
MEDIUM 5.5

DescriptionCVE.org

Substance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Analysis

Substance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Technical ContextAI

An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Read (CWE-125).

RemediationAI

Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.

CVE-2025-43571 HIGH
7.8 May 13

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbi

CVE-2025-43549 HIGH
7.8 May 13

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbi

CVE-2026-21287 HIGH
7.8 Jan 13

Arbitrary code execution in Substance 3D Stager 3.1.5 and earlier stems from a use-after-free vulnerability that execute

CVE-2026-21341 HIGH
7.8 Feb 10

Arbitrary code execution in Substance 3D Stager 3.1.6 and earlier via an out-of-bounds write vulnerability allows local

CVE-2026-27277 HIGH
7.8 Mar 10

Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through a use-after-free memory vulnerability that tri

CVE-2026-27276 HIGH
7.8 Mar 10

Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier stems from a use-after-free vulnerability that execute

CVE-2026-21345 HIGH
7.8 Feb 10

Code execution in Substance 3D Stager 3.1.6 and earlier through a crafted file that triggers an out-of-bounds memory rea

CVE-2026-21344 HIGH
7.8 Feb 10

Substance 3D Stager 3.1.6 and earlier contains an out-of-bounds read vulnerability in file parsing that allows arbitrary

CVE-2026-21343 HIGH
7.8 Feb 10

Code execution in Substance 3D Stager 3.1.6 and earlier results from an out-of-bounds read vulnerability in malformed fi

CVE-2026-27279 HIGH
7.8 Mar 10

Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered

CVE-2026-27275 HIGH
7.8 Mar 10

Arbitrary code execution in Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability triggered

CVE-2026-27274 HIGH
7.8 Mar 10

Arbitrary code execution in Adobe Substance 3D Stager 3.1.7 and earlier through an out-of-bounds write vulnerability tha

Share

CVE-2025-27165 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy