Security Update Advisory
Summary
Applications that were built using affected versions of the Unity Editor are susceptible to an unsafe file loading and local file inclusion attack depending on the operating system, which could enable local code execution or information disclosure at the privilege level of the vulnerable application. There is no evidence of any exploitation of the vulnerability nor has there been any impact on users or customers. Unity has provided fixes that address the vulnerability and they are already available to all developers.
Vulnerability Details
CVE ID: CVE-2025-59489
Date Discovered: June 4, 2025
Discovered By: RyotaK of GMO Flatt Security Inc.
Date Patch Available: October 2, 2025
Affected Operating System: See Affected Operating Systems Table
Affected Versions: See Unity Editor Versions Table
Patched Versions: See Unity Editor Versions Table
Vulnerability Type: CWE-426: Untrusted Search Path
Severity: High
CVSS Score: 8.4
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Potential
The vulnerability could allow local code execution and access to confidential information on end user devices running Unity-built applications. Code execution would be confined to the privilege level of the vulnerable application, and information disclosure would be confined to the information available to the vulnerable application. There is no evidence of any exploitation of the vulnerability nor has there been any impact on users or customers.
Unity Editor Versions Table
Applications built with the indicated versions of the Unity Editor prior to the Patched Versions are considered vulnerable.
Current in Support Versions
Version | Affected Versions | Patched Version |
---|---|---|
6000.3 | All | 6000.3.0b4 |
6000.2 | All | 6000.2.6f2 |
6000.0 LTS | All | 6000.0.58f2 |
2022.3 xLTS | All | 2022.3.67f2 |
2021.3 xLTS | All | 2021.3.56f2 |
We have extended fixes to out of support versions of the Unity Editor to include Unity 2019.1 and newer.
Out of Support Versions
Version | Affected Versions | Patched Version |
---|---|---|
6000.1 | All | 6000.1.17f1 |
2023.2 | All | 2023.2.22f1 |
2023.1 | All | 2023.1.22f1 |
2022.3 LTS | All | 2022.3.62f2 |
2022.2 | All | 2022.2.23f1 |
2022.1 | All | 2022.1.25f1 |
2021.3 LTS | All | 2021.3.45f2 |
2021.2 | All | 2021.2.20f1 |
2021.1 | All | 2021.1.29f1 |
2020.3 | All | 2020.3.49f1 |
2020.2 | All | 2020.2.8f1 |
2020.1 | All | 2020.1.18f1 |
2019.4 LTS | All | 2019.4.41f1 |
2019.3 | All | 2019.3.17f1 |
2019.2 | All | 2019.2.23f1 |
2019.1 | All | 2019.1.15f1 |
2018.4 | All | N/A |
2018.3 | All | N/A |
2018.2 | All | N/A |
2018.1 | All | N/A |
2017.4 | All | N/A |
2017.3 | 2017.3.0b9+ | N/A |
2017.2 | 2017.2.0p4+ | N/A |
2017.1 | 2017.1.2p4+ | N/A |
Affected Platforms Table
Applications built with affected versions of the Unity Editor and released on these platforms could be impacted by the vulnerability.
Note: If a platform is not listed, there have been no findings to suggest that the vulnerability is exploitable.
Platform | Impact | Severity |
---|---|---|
Android | Code Execution / Elevation of Privilege | High |
Windows | Elevation of Privilege | High |
Linux (Desktop) | Elevation of Privilege | High |
Linux (Embedded) | Elevation of Privilege | High |
MacOS | Elevation of Privilege | High |
On Microsoft Windows systems, the presence of a registered custom URI handler for a vulnerable application or handler name could increase the risk of exploitation. If a custom URI scheme is present and can be invoked on the target system, an attacker who can cause that URI to be opened could trigger the vulnerable library-loading behavior without needing direct command-line access. Potential exploitation remains constrained to the privileges of the targeted application and to the data and services accessible to that process. Entities that routinely create registered URI handlers for Unity applications are encouraged to contact Unity directly at security@unity3d.com.
Discovery
This vulnerability was responsibly reported by an external security researcher.
Remediation Steps
Rebuild Application
- Update the Unity Editor to the newest version, then rebuild and redeploy the application.
Binary Patch
- Using the Unity Binary Patch tool for the target platform, the Unity runtime library can be replaced with a patched version of the library.
Unity Fixed Versions
Direct links to the first fixed versions of the Unity Editor (which includes the Unity Runtime as well):
Patched Version | Unity Hub Link |
---|---|
6000.3.0b4 | |
6000.2.6f2 | |
6000.1.17f1 | |
6000.0.58f2 | |
2023.2.22f1 | |
2023.1.22f1 | |
2022.3.67f2 | |
2022.3.62f2 | |
2022.2.23f1 | |
2022.1.25f1 | |
2021.3.56f2 | |
2021.3.45f2 | |
2021.2.20f1 | |
2021.1.29f1 | |
2020.3.49f1 | |
2020.2.8f1 | |
2020.1.18f1 | |
2019.4.41f1 | |
2019.3.17f1 | |
2019.2.23f1 | |
2019.1.15f1 |