{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-59489", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-10-03T17:22:11.001Z", "dateReserved": "2025-09-16T00:00:00.000Z", "datePublished": "2025-10-03T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Unity Editor", "vendor": "Unity3D", "versions": [{"lessThan": "6000.3.0b4", "status": "affected", "version": "6000.3", "versionType": "custom"}, {"lessThan": "6000.2.6f2", "status": "affected", "version": "6000.2", "versionType": "custom"}, {"lessThan": "6000.0.58f2", "status": "affected", "version": "6000.0 LTS", "versionType": "custom"}, {"lessThan": "2022.3.67f2", "status": "affected", "version": "2022.3 xLTS", "versionType": "custom"}, {"lessThan": "2021.3.56f2", "status": "affected", "version": "2021.3 xLTS", "versionType": "custom"}, {"lessThan": "6000.1.17f1", "status": "affected", "version": "6000.1", "versionType": "custom"}, {"lessThan": "2023.2.22f1", "status": "affected", "version": "2023.2", "versionType": "custom"}, {"lessThan": "2023.1.22f1", "status": "affected", "version": "2023.1", "versionType": "custom"}, {"lessThan": "2022.3.62f2", "status": "affected", "version": "2022.3 LTS", "versionType": "custom"}, {"lessThan": "2022.2.23f1", "status": "affected", "version": "2022.2", "versionType": "custom"}, {"lessThan": "2022.1.25f1", "status": "affected", "version": "2022.1", "versionType": "custom"}, {"lessThan": "2021.3.45f2", "status": "affected", "version": "2021.3 LTS", "versionType": "custom"}, {"lessThan": "2021.2.20f1", "status": "affected", "version": "2021.2", "versionType": "custom"}, {"lessThan": "2021.1.29f1", "status": "affected", "version": "2021.1", "versionType": "custom"}, {"lessThan": "2020.3.49f1", "status": "affected", "version": "2020.3", "versionType": "custom"}, {"lessThan": "2020.2.8f1", "status": "affected", "version": "2020.2", "versionType": "custom"}, {"lessThan": "2020.1.18f1", "status": "affected", "version": "2020.1", "versionType": "custom"}, {"lessThan": "2019.4.41f1", "status": "affected", "version": "2019.4 LTS", "versionType": "custom"}, {"lessThan": "2019.3.17f1", "status": "affected", "version": "2019.3", "versionType": "custom"}, {"lessThan": "2019.2.23f1", "status": "affected", "version": "2019.2", "versionType": "custom"}, {"lessThan": "2019.1.15f1", "status": "affected", "version": "2017.1.2p4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-88", "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-10-03T17:22:11.001Z"}, "references": [{"url": "https://unity.com/security#security-updates-and-patches"}, {"url": "https://unity.com/security/sept-2025-01"}, {"url": "https://flatt.tech/research/posts/arbitrary-code-execution-in-unity-runtime/"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "6000.3", "versionEndExcluding": "6000.3.0b4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "6000.2", "versionEndExcluding": "6000.2.6f2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "6000.0 LTS", "versionEndExcluding": "6000.0.58f2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2022.3 xLTS", "versionEndExcluding": "2022.3.67f2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2021.3 xLTS", "versionEndExcluding": "2021.3.56f2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "6000.1", "versionEndExcluding": "6000.1.17f1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.2", "versionEndExcluding": "2023.2.22f1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2023.1", "versionEndExcluding": "2023.1.22f1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2022.3 LTS", "versionEndExcluding": "2022.3.62f2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2022.2", "versionEndExcluding": "2022.2.23f1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2022.1", "versionEndExcluding": "2022.1.25f1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2021.3 LTS", "versionEndExcluding": "2021.3.45f2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2021.2", "versionEndExcluding": "2021.2.20f1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2021.1", "versionEndExcluding": "2021.1.29f1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2020.3", "versionEndExcluding": "2020.3.49f1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2020.2", "versionEndExcluding": "2020.2.8f1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2020.1", "versionEndExcluding": "2020.1.18f1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2019.4 LTS", "versionEndExcluding": "2019.4.41f1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2019.3", "versionEndExcluding": "2019.3.17f1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2019.2", "versionEndExcluding": "2019.2.23f1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "versionStartIncluding": "2017.1.2p4", "versionEndExcluding": "2019.1.15f1"}]}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-426", "lang": "en", "description": "CWE-426 Untrusted Search Path"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-10-03T13:54:27.467605Z", "id": "CVE-2025-59489", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-03T13:56:31.987Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-59489", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-03T13:54:27.467605Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-03T13:55:43.155Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Unity3D", "product": "Unity Editor", "versions": [{"status": "affected", "version": "6000.3", "lessThan": "6000.3.0b4", "versionType": "custom"}, {"status": "affected", "version": "6000.2", "lessThan": "6000.2.6f2", "versionType": "custom"}, {"status": "affected", "version": "6000.0 LTS", "lessThan": "6000.0.58f2", "versionType": "custom"}, {"status": "affected", "version": "2022.3 xLTS", "lessThan": "2022.3.67f2", "versionType": "custom"}, {"status": "affected", "version": "2021.3 xLTS", "lessThan": "2021.3.56f2", "versionType": "custom"}, {"status": "affected", "version": "6000.1", "lessThan": "6000.1.17f1", "versionType": "custom"}, {"status": "affected", "version": "2023.2", "lessThan": "2023.2.22f1", "versionType": "custom"}, {"status": "affected", "version": "2023.1", "lessThan": "2023.1.22f1", "versionType": "custom"}, {"status": "affected", "version": "2022.3 LTS", "lessThan": "2022.3.62f2", "versionType": "custom"}, {"status": "affected", "version": "2022.2", "lessThan": "2022.2.23f1", "versionType": "custom"}, {"status": "affected", "version": "2022.1", "lessThan": "2022.1.25f1", "versionType": "custom"}, {"status": "affected", "version": "2021.3 LTS", "lessThan": "2021.3.45f2", "versionType": "custom"}, {"status": "affected", "version": "2021.2", "lessThan": "2021.2.20f1", "versionType": "custom"}, {"status": "affected", "version": "2021.1", "lessThan": "2021.1.29f1", "versionType": "custom"}, {"status": "affected", "version": "2020.3", "lessThan": "2020.3.49f1", "versionType": "custom"}, {"status": "affected", "version": "2020.2", "lessThan": "2020.2.8f1", "versionType": "custom"}, {"status": "affected", "version": "2020.1", "lessThan": "2020.1.18f1", "versionType": "custom"}, {"status": "affected", "version": "2019.4 LTS", "lessThan": "2019.4.41f1", "versionType": "custom"}, {"status": "affected", "version": "2019.3", "lessThan": "2019.3.17f1", "versionType": "custom"}, {"status": "affected", "version": "2019.2", "lessThan": "2019.2.23f1", "versionType": "custom"}, {"status": "affected", "version": "2017.1.2p4", "lessThan": "2019.1.15f1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://unity.com/security#security-updates-and-patches"}, {"url": "https://unity.com/security/sept-2025-01"}, {"url": "https://flatt.tech/research/posts/arbitrary-code-execution-in-unity-runtime/"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-88", "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6000.3.0b4", "versionStartIncluding": "6000.3"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6000.2.6f2", "versionStartIncluding": "6000.2"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6000.0.58f2", "versionStartIncluding": "6000.0 LTS"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2022.3.67f2", "versionStartIncluding": "2022.3 xLTS"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2021.3.56f2", "versionStartIncluding": "2021.3 xLTS"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6000.1.17f1", "versionStartIncluding": "6000.1"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2023.2.22f1", "versionStartIncluding": "2023.2"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2023.1.22f1", "versionStartIncluding": "2023.1"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2022.3.62f2", "versionStartIncluding": "2022.3 LTS"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2022.2.23f1", "versionStartIncluding": "2022.2"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2022.1.25f1", "versionStartIncluding": "2022.1"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2021.3.45f2", "versionStartIncluding": "2021.3 LTS"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2021.2.20f1", "versionStartIncluding": "2021.2"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2021.1.29f1", "versionStartIncluding": "2021.1"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2020.3.49f1", "versionStartIncluding": "2020.3"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2020.2.8f1", "versionStartIncluding": "2020.2"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2020.1.18f1", "versionStartIncluding": "2020.1"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2019.4.41f1", "versionStartIncluding": "2019.4 LTS"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2019.3.17f1", "versionStartIncluding": "2019.3"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2019.2.23f1", "versionStartIncluding": "2019.2"}, {"criteria": "cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2019.1.15f1", "versionStartIncluding": "2017.1.2p4"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-10-03T17:22:11.001Z"}}}, "cveMetadata": {"cveId": "CVE-2025-59489", "state": "PUBLISHED", "dateUpdated": "2025-10-03T17:22:11.001Z", "dateReserved": "2025-09-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-10-03T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:-:*:*:*", "matchCriteriaId": "21A9623D-D8B1-41C8-838C-3A5D9DC94893", "versionEndIncluding": "2018.4", "versionStartIncluding": "2017.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:-:*:*:*", "matchCriteriaId": "80164735-6B7A-4224-9681-0C8EFDACDE91", "versionEndExcluding": "2019.1.15f1", "versionStartIncluding": "2019.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:-:*:*:*", "matchCriteriaId": "25B84777-C5E0-48AE-A969-55FD4DB1CC9B", "versionEndExcluding": "2019.2.23f1", "versionStartIncluding": "2019.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:-:*:*:*", "matchCriteriaId": "1BD52B26-9C04-40BA-9B4C-4703DE47E5D0", "versionEndIncluding": "2019.3.17f1", "versionStartIncluding": "2019.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:lts:*:*:*", "matchCriteriaId": "2844E761-7A18-439D-8A4E-EECFEF9A4BF6", "versionEndExcluding": "2019.4.41f1", "versionStartIncluding": "2019.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:-:*:*:*", "matchCriteriaId": "4437C3BD-AD82-4C71-9D37-35EE28AF4666", "versionEndExcluding": "2020.1.18f1", "versionStartIncluding": "2020.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:-:*:*:*", "matchCriteriaId": "C0A0F338-39D0-4273-B330-10284BFD4D45", "versionEndExcluding": "2020.2.8f1", "versionStartIncluding": "2020.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:-:*:*:*", "matchCriteriaId": "1B0EDE20-DEDE-4711-85B4-42222B96A76A", "versionEndExcluding": "2020.3.49f1", "versionStartIncluding": "2020.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:-:*:*:*", "matchCriteriaId": "7AE6D29B-FBDC-411B-A80C-91906F52B5D5", "versionEndExcluding": "2021.1.29f1", "versionStartIncluding": "2021.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:-:*:*:*", "matchCriteriaId": "C9DB811C-2F11-460A-84A6-4F8428022B83", "versionEndExcluding": "2021.2.20f1", "versionStartIncluding": "2021.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:lts:*:*:*", "matchCriteriaId": "BA441916-E1BB-435A-BF13-E7C881DA753F", "versionEndExcluding": "2021.3.45f2", "versionStartIncluding": "2021.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:-:*:*:*", "matchCriteriaId": "7F72C377-DBDA-40FA-B21B-7088253021B5", "versionEndExcluding": "2022.1.25f1", "versionStartIncluding": "2022.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:-:*:*:*", "matchCriteriaId": "E1BE4037-1605-43D5-96C9-F84CDE421096", "versionEndExcluding": "2022.2.23f1", "versionStartIncluding": "2022.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:lts:*:*:*", "matchCriteriaId": "08C455CB-FCD6-4D86-AC8E-2509F0A7EB62", "versionEndExcluding": "2022.3.62f2", "versionStartIncluding": "2022.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:lts:*:*:*", "matchCriteriaId": "565D184B-47D1-4CD7-AD7C-887FCF304DC1", "versionEndExcluding": "2023.1.22f1", "versionStartIncluding": "2023.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:lts:*:*:*", "matchCriteriaId": "A51D8CF4-3E6D-45D2-92CB-819095A5C647", "versionEndExcluding": "2023.2.22f1", "versionStartIncluding": "2023.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:lts:*:*:*", "matchCriteriaId": "D643C324-981A-4CC1-B157-31C46879B0D7", "versionEndExcluding": "6000.0.58f2", "versionStartIncluding": "6000.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:-:*:*:*", "matchCriteriaId": "7CFEF658-7CFF-429E-94BC-501D09A0214B", "versionEndExcluding": "6000.1.17f1", "versionStartIncluding": "6000.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:-:*:*:*", "matchCriteriaId": "CC4F84C7-9076-4525-ADF5-0C47A199FB92", "versionEndExcluding": "6000.2.6f2", "versionStartIncluding": "6000.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:*:*:*:*:-:*:*:*", "matchCriteriaId": "8B7A8BC7-437E-4090-B951-400BB396A121", "versionEndExcluding": "6000.3.0b4", "versionStartIncluding": "6000.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:2017.1.2p4\\+:*:*:*:-:*:*:*", "matchCriteriaId": "4D4B42AC-5124-4DC9-9868-790314FB92FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:2017.2.0p4\\+:*:*:*:-:*:*:*", "matchCriteriaId": "73D7C1E8-3FCC-4F23-A906-ADAF18DF47E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:unity:editor:2017.3.0b9\\+:*:*:*:-:*:*:*", "matchCriteriaId": "C9CBFCEC-8196-4423-878C-C3B8844375D7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications."}], "id": "CVE-2025-59489", "lastModified": "2025-10-22T18:12:25.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-10-03T14:15:45.733", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://flatt.tech/research/posts/arbitrary-code-execution-in-unity-runtime/"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://unity.com/security#security-updates-and-patches"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://unity.com/security/sept-2025-01"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "cve@mitre.org", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-426"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}