Description

Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications.

INFO

Published Date :

2025-10-03T00:00:00.000Z

Last Modified :

2025-10-03T17:22:11.001Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-59489 vulnerability.

Vendors Products
Apple
  • Macos
Google
  • Android
Linux
  • Linux
  • Linux Kernel
Microsoft
  • Windows
Unity
  • Editor
Unity3d
  • Unity Editor
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59489.

URL Resource
https://flatt.tech/research/posts/arbitrary-code-execution-in-unity-runtime/ cve-icon cve-icon
https://unity.com/security#security-updates-and-patches cve-icon cve-icon
https://unity.com/security/sept-2025-01 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact