{"id":82802,"date":"2025-10-15T00:37:14","date_gmt":"2025-10-15T00:37:14","guid":{"rendered":""},"modified":"2025-11-01T11:54:00","modified_gmt":"2025-11-01T17:54:00","slug":"cve-2025-49573-out-of-bounds-write-vulnerability-in-substance3d-modeler","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-49573-out-of-bounds-write-vulnerability-in-substance3d-modeler\/","title":{"rendered":"CVE-2025-49573: Out-of-Bounds Write Vulnerability in Substance3D-Modeler<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

Cybersecurity threats are a constant pain point for digital businesses, and the latest vulnerability, CVE-2025-49573, in Substance3D-Modeler is no exception. This vulnerability impacts versions 1.22.0 and earlier of the Substance3D-Modeler software, a widely used modeling tool in the digital content creation industry. This issue is of significant concern due to its potential to allow arbitrary code execution<\/a>, leading to serious system compromise or data leakage.
\nThe vulnerability’s severity<\/a> is elevated by the fact that it demands user interaction, a common behavior in today’s collaborative digital landscape. This means an unsuspecting user opening an infected file<\/a> could inadvertently trigger the exploit, potentially causing widespread damage to the system environment. In the context of an organization, this could lead to significant data<\/a> breaches, financial loss, and harm to the company’s reputation.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-49573
\nSeverity: High (CVSS: 7.8)
\nAttack Vector: Local
\nPrivileges Required: User
\nUser Interaction: Required
\nImpact: Potential system<\/a> compromise and data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n