CVE-2025-59489NVD

Vulnerability Summary

Unity Editor 2019.1 through 6000.3 could allow remote attackers to exploit file loading and Local File Inclusion (LFI) mechanisms via a crafted local application because of an Untrusted Search Path. This could permit unauthorized manipulation of runtime resources and third-party integrations. The issue could affect applications built using Unity and deployed across Android, Windows, macOS, and Linux platforms.

Severity Level

HIGH(8.4)

Published Date

Oct 3, 2025

Last Modified

Oct 3, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-426: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://flatt.tech/research/posts/arbitrary-code-execution-in-unity-runtime/
https://unity.com/security#security-updates-and-patches
https://unity.com/security/sept-2025-01

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-59489NVD

Vulnerability Summary

External References