#VU116896 Untrusted search path in Unity Editor - CVE-2025-59489
Published: October 10, 2025 / Updated: October 24, 2025
Vulnerability identifier: #VU116896
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2025-59489
CWE-ID: CWE-426
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Unity Editor
Unity Editor
Software vendor:
Unity Technologies
Unity Technologies
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
Note, the vulnerability is described in the Unity Editor application although it directly affects all apps build it Unity Editor.
Remediation
It is recommended to rebuild all applications built with Unity Editor after installing the latest version of the editor.