Security Update Advisory

Vulnerability Details

CVE ID: CVE-2025-59489

Date Discovered: June 4, 2025

Discovered By: RyotaK of GMO Flatt Security Inc.

Date Patch Available: October 2, 2025

Affected Operating System: See Affected Operating Systems Table

Affected Versions: See Unity Editor Versions Table

Patched Versions: See Unity Editor Versions Table

Vulnerability Type: CWE-426: Untrusted Search Path

Severity: High

CVSS Score: 8.4

CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Potential

Could allow local code execution and access to confidential information on end user devices running unity-built applications. Code execution would be confined to the privilege level of the vulnerable application, and information disclosure would be confined to the information available to the vulnerable application.There is no evidence of any exploitation of the vulnerability nor has there been any impact on users or customers.

Unity Editor Versions Table

Applications built with the indicated versions of the Unity Editor prior to the Patched Versions are considered vulnerable.

Current in Support Versions

We have extended fixes to out of support versions of the Unity Editor to include Unity 2019.1 and newer.

Out of Support Versions

Affected Platforms Table

Applications built with affected versions of the Unity Editor and released on these platforms could be impacted by the vulnerability.

Note: If a platform is not listed, there have been no findings to suggest that the vulnerability is exploitable.

On Microsoft Windows systems, the presence of a registered custom URI handler for a vulnerable application or handler name could increase the risk of exploitation. If a custom URI scheme is present and can be invoked on the target system, an attacker who can cause that URI to be opened could trigger the vulnerable library-loading behavior without needing direct command-line access. Potential exploitation remains constrained to the privileges of the targeted application and to the data and services accessible to that process. Entities that routinely create registered URI handlers for Unity applications are encouraged to contact Unity directly at security@unity3d.com.

Discovery

This vulnerability was responsibly reported by an external security researcher.

Remediation Steps

Rebuild Application

• Update the Unity Editor to the newest version then rebuild and redeploy the application.

Binary Patch

• Using the Unity Binary Patch tool for the target platform, the Unity runtime library can be replaced with a patched version of the library.

Unity Fixed Versions

Unity fixed versions: Direct links to the first fixed versions of the Unity Editor (which includes the Unity Runtime as well)