CVE-2025-59489: Arbitrary Code Execution in Unity Runtime - GMO Flatt Security Research
Introduction Hello, I’m RyotaK (@ryotkak ), a security engineer at GMO Flatt Security Inc. In May 2025, I participated in the Meta Bug Bounty Researcher Conference 2025. During this event, I discovered a vulnerability (CVE-2025-59489) in the Unity Runtime that affects games and applications built on Unity 2017.1 and later. In this article, I will explain the technical aspects of this vulnerability and its impact. This vulnerability was disclosed to Unity following responsible disclosure pra...| GMO Flatt Security Research
