What is the CVSS score of CVE-2025-59489?

CVE-2025-59489 has a CVSS 3.1 base score of 7.4 (High). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Editor are affected by CVE-2025-59489?

CVE-2025-59489 is a HIGH severity argument injection vulnerability (CVSS 7.4) affecting an unspecified product with publicly available exploit code.. A patch is available.

Is there a public PoC exploit available for CVE-2025-59489?

Yes, a public proof-of-concept exploit is available for CVE-2025-59489. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-59489?

Within 24 hours: identify all systems running the affected product and isolate or restrict network access to vulnerable instances. Within 7 days: apply vendor-released patch to all affected systems, prioritizing internet-facing and authentication-critical applications. Within 30 days: conduct vulnerability scan across the environment to confirm remediation and verify no additional instances remain unpatched.

Editor CVE-2025-59489

EUVD-2025-32504 HIGH

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)

2025-10-03 cve@mitre.org

Code Injection Editor Android Windows macOS

7.4

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:25 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

2019.2.23f1,2019.1.15f1,6000.1.17f1

EUVD ID Assigned

Mar 13, 2026 - 19:29 euvd

EUVD-2025-32504

Analysis Generated

Mar 13, 2026 - 19:29 vuln.today

PoC Detected

Oct 22, 2025 - 18:12 vuln.today

Public exploit code

CVE Published

Oct 03, 2025 - 14:15 nvd

HIGH 7.4

DescriptionCVE.org

Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications.

AnalysisAI

CVE-2025-59489 is a security vulnerability (CVSS 7.4) that allows argument injection that can result. Risk factors: public PoC available.

Technical ContextAI

Vulnerability type not specified by vendor. CVSS 7.4 indicates high severity.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-59489 vulnerability details – vuln.today

Back

Editor CVE-2025-59489

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code