CVE 7.4 HIGH

CVE-2025-59489

7.4 / 10
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications.

Basic Information

ID CVE-2025-59489
Source mitre
Published Oct 3, 2025 at 00:00
Modified Oct 3, 2025 at 17:22

Affected Product

Vendor Unity3D
Product Unity Editor
Version 6000.3
Affected Versions
Unity3D Unity Editor 6000.3
Unity3D Unity Editor 6000.2
Unity3D Unity Editor 6000.0 LTS
Unity3D Unity Editor 2022.3 xLTS
Unity3D Unity Editor 2021.3 xLTS
Unity3D Unity Editor 6000.1
Unity3D Unity Editor 2023.2
Unity3D Unity Editor 2023.1
Unity3D Unity Editor 2022.3 LTS
Unity3D Unity Editor 2022.2
Unity3D Unity Editor 2022.1
Unity3D Unity Editor 2021.3 LTS
Unity3D Unity Editor 2021.2
Unity3D Unity Editor 2021.1
Unity3D Unity Editor 2020.3
Unity3D Unity Editor 2020.2
Unity3D Unity Editor 2020.1
Unity3D Unity Editor 2019.4 LTS
Unity3D Unity Editor 2019.3
Unity3D Unity Editor 2019.2
Unity3D Unity Editor 2017.1.2p4

CWE Classification

References
