CVE-2025-59489

Published Oct 3, 2025

Last updated a month ago

CVSS high 7.4
Unity Editor

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-59489 is a vulnerability in the Unity Runtime that affects games and applications built on Unity. Discovered on June 4, 2025, the vulnerability exists in Unity versions 2017.1 and later. It stems from the intent handling process, which allows malicious intents to control command line arguments passed to Unity applications. This could allow attackers to load arbitrary shared libraries and execute malicious code. The vulnerability involves an untrusted search path, potentially leading to unsafe file loading and local file inclusion. Exploitation could result in local code execution or information disclosure at the privilege level of the vulnerable application. The vulnerability primarily affects applications running on Android, Windows, Linux, and macOS. Unity has released patches for Unity 2019.1 and later, as well as a Unity Binary Patch tool to address the issue.

Description
Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications.
Source
cve@mitre.org
NVD status
Analyzed
Products
editor

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.4
Impact score
5.9
Exploitability score
1.4
Vector string
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-88
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-426

Social media

Hype score
Not currently trending

  1. #VulnerabilityReport #android Unity Flaw CVE-2025-59489 Allows Local Code Execution in Millions of Games https://t.co/q94JXypFHn

    @Komodosec

    11 Nov 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🕵️‍♀️ Unity Linux systems face malware risks as attackers exploit runtime file resolution flaws (#CVE-2025-59489). Think your assets are secure? Read how to check and fortify Linux builds: #hacking #ethicalhacking #hacker https://t.co/tMOr05WSLd https://t.co/bszk1N6oFo

    @lnxsec

    9 Nov 2025

    109 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🔐 Linux builds remain vulnerable since Unity failed to issue patchers for CVE-2025-59489. IT admins must manually secure files or risk exploitation via local scripts. Get critical info here: #hacking #coding #hackers https://t.co/tMOr05WSLd https://t.co/0FMkv0AoQQ

    @lnxsec

    8 Nov 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🧩 Tech & Stability Update! - Upgraded project to Unity 6000.0.58f2 (includes fix for CVE-2025-59489)⚙️ - Fixed grid placement issues with cards, verbs & anti-verbs🎴 - Fixed tooltip positioning alignment🪛 #GameDev #Unity #IndieDev https://t.co/B5rlTRRrrw

    @wasilij_10

    30 Oct 2025

    16 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🔓 Unity CVE-2025-59489 has a clear exploitation path. Do you manage multiuser workstations or cloud systems with misconfigured permissions? See how to secure your Linux environment: #hacking #ethicalhacking #coding https://t.co/tMOr05WSLd https://t.co/JqFBkRHxC6

    @lnxsec

    28 Oct 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 💥 What’s the role of local files in Unity exploits? A writable search path and a cleverly crafted .so file is all hackers need to exploit CVE-2025-59489. Take action today: #hacking #kalilinux #hackers https://t.co/tMOr05WSLd https://t.co/CHVFO9dmiy

    @lnxsec

    27 Oct 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. ⚠️ CVE-2025-59489 — #Unity Runtime intent bug lets attackers influence Unity command-line args to load native libraries (affects Unity 2017.1+). Local apps can abuse this; limited remote vectors exist but #SELinux helps mitigate. Read More: https://t.co/u9a92dgd3a @Armored

    @ArmoredMobile

    27 Oct 2025

    151 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 📚 Unity Runtime RCE (CVE-2025-59489) Write up and PoC Arbitrary code execution in Unity runtime. Read: https://t.co/uowXSdKbl6 https://t.co/Asx8rbEZlC

    @IntCyberDigest

    27 Oct 2025

    6042 Impressions

    13 Retweets

    60 Likes

    37 Bookmarks

    0 Replies

    0 Quotes

  9. 🌐 Linux CTOs – poisoned mods could compromise your Unity-based systems before you know it. Always secure file paths and verify updates. Full details of CVE-2025-59489 here: #hacking #hack #coding https://t.co/tMOr05WSLd https://t.co/0j2veAhxe2

    @lnxsec

    26 Oct 2025

    113 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. #WarBrokers Halloween event is now live!!! Update log: - Halloween event starts! - Join ZOMBIE_DEAD_CITY to play! - Earn something new for each antidote you collect and die with... - Earn a special crate for winning Zombie Dead City! - New gun, MP7!!! - Fix for CVE-2025-59489

    @War_Brokers

    21 Oct 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  11. #ProjectGAEA #unity3d #gamedev 自作ロボゲー #ProjectGAEA の脆弱性「CVE-2025-59489」に対応したバージョンをアップロードしました https://t.co/3VovB4RGqU

    @TechnocratsRock

    20 Oct 2025

    762 Impressions

    5 Retweets

    20 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  12. 至高者の皆様へ: Unityは先日、セキュリティの脆弱性(CVE-2025-59489)を発表しました。弊社はUnityの指示に基づき、新バージョンを作成しました。 セキュリティ脆弱性の影響を受けるのを避けるため、各プラ

    @RoE_desire_jp

    20 Oct 2025

    193 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Dear Immortals: Unity recently announced a security vulnerability (CVE-2025-59489). We have rebuilt the new version according to Unity's official instructions. We recommend that you redownload the latest version from each platform to avoid being affected. ※ iOS systems are no

    @RoE_Desire

    20 Oct 2025

    386 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 至高者の皆様へ: Unityは先日、セキュリティの脆弱性(CVE-2025-59489)を発表しました。弊社はUnityの指示に基づき、新バージョンを作成しました。 セキュリティ脆弱性の影響を受けるのを避けるため、各プラ

    @RiseofErosJp

    20 Oct 2025

    811 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. 親愛的至高者大人: Unity 在近期宣佈了安全漏洞 (CVE-2025-59489),我們已根據 Unity 官方指示重新建立新版本。 建議您至各平台重新下載最新版本,來避免受到影響。 ※ Steam及DMM PC用戶會自動下載最新版本。 ※ iOS

    @rise_of_eros

    20 Oct 2025

    1143 Impressions

    0 Retweets

    10 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Dear Immortals: Unity recently announced a security vulnerability (CVE-2025-59489). We have rebuilt the new version according to Unity's official instructions. We recommend that you redownload the latest version from each platform to avoid being affected. ※ The latest version

    @RiseofEros

    20 Oct 2025

    7705 Impressions

    1 Retweet

    92 Likes

    6 Bookmarks

    1 Reply

    0 Quotes

  17. Unity: Runtime Critical Security Flaw CVE-2025-59489 Exposes Linux Builds #Security #Linux https://t.co/le94PIGsrg

    @gnoppixlinux

    15 Oct 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 📢 Client Update Addressing Unity Security Issue Hello, We are Team Rhythmicals. We are releasing a client update in response to the recently reported Unity security vulnerability (CVE-2025-59489). For a safer gameplay experience, we recommend updating to the latest version.

    @COXETA_Info

    11 Oct 2025

    354 Impressions

    3 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. unity側のセキュリティアプデ。 CVE-2025-59489 かな? #ドラクエウォーク https://t.co/kP8OeSFMY7

    @mikeneko211

    7 Oct 2025

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🛡️ Unity Cve-2025-59489 - Critical vulnerability in Unity Runtime: hEreis argument injection can be performed on Android/Windows/MacOS/Linux. Unity advises to rebuild the patching version. Developers 📱 - urgently check the releases; gamers - Put update only from official

    @Hack_Your_Mom

    7 Oct 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Unityの脆弱性CVE-2025-59489がゲーマーを攻撃にさらす危険性 https://t.co/95YyNPlNXV #Security #セキュリティー #ニュース

    @SecureShield_

    7 Oct 2025

    389 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 Unity Just Dropped a Bombshell > A critical security flaw hiding inside the Unity engine for nearly a decade has finally been exposed. Developers are being told to take immediate action — or risk leaving millions of players exposed. 📌 CVE-2025-59489 — rated 8.4 /

    @Xtec01

    6 Oct 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🚨 Unity Just Dropped a Bombshell > A critical security flaw hiding inside the Unity engine for nearly a decade has finally been exposed. Developers are being told to take immediate action — or risk leaving millions of players exposed. 📌 CVE-2025-59489 — rated 8.4 /

    @Xtec01

    6 Oct 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. ✅Those Holy Bones ✅Little Survivors Done! Both were patched to fix the recent Unity security issue CVE-2025-59489. #indiedev #gamedev #unity #indiegames https://t.co/dnGHzraVUF

    @VorelianGames

    6 Oct 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. PSA for PC gamers: A major Unity engine exploit (CVE-2025-59489) lets hackers run code through Unity games on Steam. Valve patched the Steam Client to reduce risk, but vulnerable games still exist. Until devs update, avoid running Unity games with custom launch options or mods.

    @SteamTrader

    6 Oct 2025

    179 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  26. ثغرة Unity CVE-2025-59489 تهدد مستخدمي Android وWindows وLinux وmacOS #علوم_وتكنولوجيا https://t.co/VhgjRUXjcM @unity @GamersDaySA

    @good_press_net

    6 Oct 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. CVE-2025-59489可嚴重了哎呀,大家快更新unity

    @wdw02008

    6 Oct 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. RCE Vulnerability Shakes Unity Ecosystem: Is Your Favorite Game Exposed to CVE-2025-59489? Read the full report on - https://t.co/DqQfn413EC https://t.co/HlQXLkx683

    @Iambivash007

    6 Oct 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 私が公開しているKaniLite(buttplug-liteのフォーク)はUnityを用いていないので、先日公開されたUnityの脆弱性(CVE-2025-59489)の影響は無いと思われます。 Intiface CentralもUnityを用いていないので、こちらも同脆弱性

    @Herbst17904634

    6 Oct 2025

    508 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. 🔥 𝐔𝐧𝐢𝐭𝐲 𝐅𝐥𝐚𝐰 𝐂𝐕𝐄-𝟐𝟎𝟐𝟓-𝟓𝟗𝟒𝟖𝟗 𝐀𝐥𝐥𝐨𝐰𝐬 𝐋𝐨𝐜𝐚𝐥 𝐂𝐨𝐝𝐞 𝐄𝐱𝐞𝐜𝐮𝐭𝐢𝐨𝐧 𝐢𝐧 𝐌𝐢𝐥𝐥𝐢𝐨𝐧𝐬 𝐨𝐟 𝐆𝐚𝐦𝐞𝐬 • CVE-2025

    @PurpleOps_io

    6 Oct 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 10/06(一)19:30 #資知通鑑 EP.2 知名遊戲引擎Unity於前天(2025/10/04)公布了一項引起廣大討論的更新 漏洞編號 CVE-2025-59489 在今年6月於一場駭客比賽中首次被通報發現 該漏洞得到了CVSS 8.4 的分數並被視為高度風險

    @cesium_cat

    6 Oct 2025

    1011 Impressions

    4 Retweets

    20 Likes

    2 Bookmarks

    2 Replies

    1 Quote

  32. A flaw in the Unity Runtime (CVE-2025-59489) allows local code execution in games via DLL injection through the Android intent handler. Developers must rebuild their apps. #Unity #CVE #GameSecurity #RCE #PatchNow https://t.co/HY0Rq081cc

    @the_yellow_fall

    6 Oct 2025

    342 Impressions

    0 Retweets

    5 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  33. .@konami_support @unity スイッチ版「ときめきメモリアル」を大丈夫かな… Unity Security Bulletin Sept-2025-01 CVE-2025-59489 #Unity #ときメモ

    @junacrawf0rd

    5 Oct 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 최근 공개된 신규 Unity 보안 취약점(CVE-2025-59489)에 대해, 저희 사이코플럭스 엔터테인먼트에서도 Steam을 통해 서비스 중인 게임들을 대상으로 조치를 거의 완료하였습니다. 이번 이슈에 영향을 받은 게임들의 목

    @PsychoFlux_KR

    5 Oct 2025

    320 Impressions

    2 Retweets

    6 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  35. We have been working to address the recently disclosed Unity security vulnerability(CVE-2025-59489), and mitigation for the games we published on Steam is nearly complete. Details in thread. 🧵👇 https://t.co/O6a6gNwsXk

    @PsychoFlux_ent

    5 Oct 2025

    142 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  36. CRITICAL ALERT: Unity Flaw (CVE-2025-59489) Exposes Nearly A Decade of Games to Arbitrary Code Execution. Read the full report on - https://t.co/zQzmnDYD9C https://t.co/MgKgWzUb0r

    @Iambivash007

    5 Oct 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Added mitigations for Unity CVE-2025-59489, blocking a game launch through the Steam Client when an exploit attempt is detected. のところ https://t.co/VzFxIVbxVz

    @kumakochocolate

    5 Oct 2025

    176 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. 旧バージョンUnityでビルド時に脆弱性パッチを自動で当てるやつ(CVE-2025-59489) https://t.co/PCMCjS8NHe #Qiita @FizDvより

    @yousukezan

    5 Oct 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. 新着Unity記事! 『旧バージョンUnityでビルド時に脆弱性パッチを自動で当てるやつ(CVE-2025-59489)』 by -Fiz- #Unity #Qiita https://t.co/i7OmQkHviZ

    @UnityTweetBot

    4 Oct 2025

    166 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. 旧バージョンUnityでビルド時に脆弱性パッチを自動で当てるやつ(CVE-2025-59489) https://t.co/ttFyKYctiO #Qiita

    @qiitapoi

    4 Oct 2025

    671 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  41. 【オタクへ】 プニヒローダー2にCVE-2025-59489に対応するパッチを適用しました。最新のビルドIDは20254869です。Steamクライアントを自動アップデートさせておけば問題なさそうですが念のため… https://t.co/rhH43aOrNq

    @KaninoYokonobu

    4 Oct 2025

    682 Impressions

    4 Retweets

    11 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  42. プニヒローダー2にCVE-2025-59489に対応するためのパッチを適用しました。 本アップデートによるバージョン表記の変更はありません。 本件に関しまして、Steamクライアントのアップデートを推奨します。10月3

    @PunihiGames221

    4 Oct 2025

    224 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  43. 🛡️ Cyber Threat Digest – 2025-10-04 KEV: CVE-2014-6278 — GNU Bash OS Command NVD: CVE-2025-59489 — Unity Runtime before 2025-10-02 News: Hackers steal identifiable Discord user data… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv

    @dpharristech

    4 Oct 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. CVE-2025-59489、普通にRCEなのか。やめてよぉ~

    @abdda149

    4 Oct 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Unityの古いバージョン(2017.1以降)で発見されたセキュリティ脆弱性(CVE-2025-59489)で、攻撃者がユーザーのPCをリモートで悪用する可能性だと!?🙄Steamで配信されたUnity制ゲーム怖くて買えない🥺Steamは大手の

    @monjirou1989X

    4 Oct 2025

    225 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Steam Clientアプデに脆弱性修正かー >Added mitigations for Unity CVE-2025-59489, blocking a game launch through the Steam Client when an exploit attempt is detected.

    @kuroganet39

    4 Oct 2025

    245 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  47. Enigmatic Networkの全ゲームについて、Unityランタイムの脆弱性CVE-2025-59489への対処を(一応)行いました。

    @nokoyama_en

    4 Oct 2025

    698 Impressions

    0 Retweets

    8 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. We're pleased to announce that all of our downloadable game builds have been patched to fix the CVE-2025-59489 vulnerability of the Unity Editor, on Steam and Itch, for our two games: ➡️ Escape Space ➡️ Robot Arena Survivors Thank you for your trust, and have fun!

    @shidygames

    4 Oct 2025

    91 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  49. I decided to delist the OG game from itch today since I read up on the CVE-2025-59489 Unity issue. Decided way too much of a hassle to patch the old game since it was already difficult to package it since it was very shoddy. And I haven't used Unity for like over 3 year now too.

    @CRUMVIII

    4 Oct 2025

    556 Impressions

    2 Retweets

    12 Likes

    1 Bookmark

    4 Replies

    0 Quotes

  50. The Unity Security bug (affecting all Unity games) has been patched in Pinnacle Point and uploaded to Steam. CVE-2025-59489 related. #gamedev #screenshotsaturday #indiegames #horrorgames https://t.co/zpGXtRG52M

    @Ready2RunGames

    4 Oct 2025

    639 Impressions

    0 Retweets

    24 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.