cvedb.io
CVE-2025-59489
HIGH · CVSS 7.4
EPSS exploitation probability: 0%
Published 2025-10-03T14:15:45.733 · Last modified 2026-06-17T09:46:16.563

Summary

Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications.

Affected products

unity — editor

Does this affect you?

Add your gear to cvedb and we'll alert you only when unity ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.