EUVD-2025-32504

| CVE-2025-59489 HIGH
2025-10-03 [email protected]
7.4
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 13, 2026 - 19:29 vuln.today
EUVD ID Assigned
Mar 13, 2026 - 19:29 euvd
EUVD-2025-32504
PoC Detected
Oct 22, 2025 - 18:12 vuln.today
Public exploit code
CVE Published
Oct 03, 2025 - 14:15 nvd
HIGH 7.4

Tags

Code Injection Editor Android Windows macOS

Description

Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications.

Analysis

CVE-2025-59489 is a security vulnerability (CVSS 7.4) that allows argument injection that can result. Risk factors: public PoC available.

Technical Context

Vulnerability type not specified by vendor. CVSS 7.4 indicates high severity.

Affected Products

['Unspecified product']

Remediation

Monitor vendor channels for patch availability.

Priority Score

57
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +37
POC: +20

Share

EUVD-2025-32504 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy