CNNVD-202510-474 Information

CNNVD ID

CNNVD-202510-474

Related CVE

CVE-2025-59489

• CNNVD Published: 2025-10-03

Description (Chinese)

Unity Runtime是美国Unity公司的一款负责执行逻辑、渲染、物理与交互的底层系统。 Unity Runtime 2025-10-02之前版本存在参数注入漏洞，该漏洞源于参数注入，可能导致从意外位置加载库代码，从而执行任意代码和泄露机密信息。

Description (English)

Unity Runte is a bottom-up system for the implementation of logic, rendering, physics and interaction with the United States. There was a gap in parameters in the pre-Unity Runtime 2025-10-02 version, which stemmed from the injection of parameters and could lead to the loading of library codes from an unexpected location, thus enforcing arbitrary codes and divulging confidential information.

Hazard Level

Medium

Vulnerability Type

参数注入

Affected Vendor

Unity

Published

2025-10-03

Last Modified

2026-02-24

References

https://flatt.tech/research/posts/arbitrary-code-execution-in-unity-runtime/ https://unity.com/security#security-updates-and-patches https://unity.com/security/sept-2025-01 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59489