{"dataType":"CVE_RECORD","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2025-59489","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2025-10-03T17:22:11.001Z","dateReserved":"2025-09-16T00:00:00.000Z","datePublished":"2025-10-03T00:00:00.000Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Unity Editor","vendor":"Unity3D","versions":[{"lessThan":"6000.3.0b4","status":"affected","version":"6000.3","versionType":"custom"},{"lessThan":"6000.2.6f2","status":"affected","version":"6000.2","versionType":"custom"},{"lessThan":"6000.0.58f2","status":"affected","version":"6000.0 LTS","versionType":"custom"},{"lessThan":"2022.3.67f2","status":"affected","version":"2022.3 xLTS","versionType":"custom"},{"lessThan":"2021.3.56f2","status":"affected","version":"2021.3 xLTS","versionType":"custom"},{"lessThan":"6000.1.17f1","status":"affected","version":"6000.1","versionType":"custom"},{"lessThan":"2023.2.22f1","status":"affected","version":"2023.2","versionType":"custom"},{"lessThan":"2023.1.22f1","status":"affected","version":"2023.1","versionType":"custom"},{"lessThan":"2022.3.62f2","status":"affected","version":"2022.3 LTS","versionType":"custom"},{"lessThan":"2022.2.23f1","status":"affected","version":"2022.2","versionType":"custom"},{"lessThan":"2022.1.25f1","status":"affected","version":"2022.1","versionType":"custom"},{"lessThan":"2021.3.45f2","status":"affected","version":"2021.3 LTS","versionType":"custom"},{"lessThan":"2021.2.20f1","status":"affected","version":"2021.2","versionType":"custom"},{"lessThan":"2021.1.29f1","status":"affected","version":"2021.1","versionType":"custom"},{"lessThan":"2020.3.49f1","status":"affected","version":"2020.3","versionType":"custom"},{"lessThan":"2020.2.8f1","status":"affected","version":"2020.2","versionType":"custom"},{"lessThan":"2020.1.18f1","status":"affected","version":"2020.1","versionType":"custom"},{"lessThan":"2019.4.41f1","status":"affected","version":"2019.4 LTS","versionType":"custom"},{"lessThan":"2019.3.17f1","status":"affected","version":"2019.3","versionType":"custom"},{"lessThan":"2019.2.23f1","status":"affected","version":"2019.2","versionType":"custom"},{"lessThan":"2019.1.15f1","status":"affected","version":"2017.1.2p4","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-88","description":"CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2025-10-03T17:22:11.001Z"},"references":[{"url":"https://unity.com/security#security-updates-and-patches"},{"url":"https://unity.com/security/sept-2025-01"},{"url":"https://flatt.tech/research/posts/arbitrary-code-execution-in-unity-runtime/"}],"x_generator":{"engine":"enrichogram 0.0.1"},"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":7.4,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"6000.3","versionEndExcluding":"6000.3.0b4"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"6000.2","versionEndExcluding":"6000.2.6f2"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"6000.0 LTS","versionEndExcluding":"6000.0.58f2"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2022.3 xLTS","versionEndExcluding":"2022.3.67f2"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2021.3 xLTS","versionEndExcluding":"2021.3.56f2"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"6000.1","versionEndExcluding":"6000.1.17f1"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2023.2","versionEndExcluding":"2023.2.22f1"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2023.1","versionEndExcluding":"2023.1.22f1"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2022.3 LTS","versionEndExcluding":"2022.3.62f2"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2022.2","versionEndExcluding":"2022.2.23f1"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2022.1","versionEndExcluding":"2022.1.25f1"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2021.3 LTS","versionEndExcluding":"2021.3.45f2"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2021.2","versionEndExcluding":"2021.2.20f1"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2021.1","versionEndExcluding":"2021.1.29f1"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2020.3","versionEndExcluding":"2020.3.49f1"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2020.2","versionEndExcluding":"2020.2.8f1"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2020.1","versionEndExcluding":"2020.1.18f1"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2019.4 LTS","versionEndExcluding":"2019.4.41f1"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2019.3","versionEndExcluding":"2019.3.17f1"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2019.2","versionEndExcluding":"2019.2.23f1"},{"vulnerable":true,"criteria":"cpe:2.3:a:unity3d:unity_editor:*:*:*:*:*:*:*:*","versionStartIncluding":"2017.1.2p4","versionEndExcluding":"2019.1.15f1"}]}]}]},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-426","lang":"en","description":"CWE-426 Untrusted Search Path"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8.4,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-10-03T13:54:27.467605Z","id":"CVE-2025-59489","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-03T13:56:31.987Z"}}]},"dataVersion":"5.1"}