Main Vulnerability Database SB2025101023

SB2025101023 - Privilege escalation in Unity Runtime

Published: October 10, 2025 Updated: October 24, 2025

Security Bulletin ID SB2025101023

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Untrusted search path (CVE-ID: CVE-2025-59489)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.

Note, the vulnerability is described in the Unity Editor application although it directly affects all apps build it Unity Editor.

Remediation

Install update from vendor's website.

References

https://flatt.tech/research/posts/arbitrary-code-execution-in-unity-runtime/
https://unity.com/security/sept-2025-01