PT-2025-40457 · Unity Technologies · Unity Runtime

Ryotak · Published 2025-06-04 · Updated 2026-03-03 · CVE-2025-59489

CVSS v3.1: 7.4 High (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions

Unity versions 2017.1 through 6000.3

Description

A critical vulnerability exists in the Unity Runtime, potentially allowing attackers to execute arbitrary code on systems running applications built with affected versions of the engine. This vulnerability, identified as CVE-2025-59489, stems from an untrusted search path that allows malicious libraries to be loaded. While primarily a local code execution issue, remote exploitation is possible under specific conditions on Android. The vulnerability affects applications built with Unity versions 2017.1 and later for Windows, Android, macOS, and Linux. No known exploits have been reported, but the potential impact is significant, as Unity is used in a vast number of games and applications. Microsoft and Valve have implemented mitigations, and Unity has released patches and a binary patching tool for developers.

Recommendations

Update to the latest patched Unity Editor and rebuild applications to address the vulnerability. If rebuilding is not feasible, use the Unity binary patching tool to patch existing builds. Ensure automatic updates are enabled for games and applications. Keep antivirus software up to date.

Exploit · Fix · RCE · LPE · Argument Injection · Untrusted Search Path

Weakness Enumeration

Related Identifiers

BDU:2025-13636
CVE-2025-59489

Affected Products

Unity Runtime