A high-severity vulnerability exists in the Unity Runtime affecting multiple platforms, including Windows, macOS, Linux, and Android. An attacker can exploit this flaw through argument injection to force a vulnerable application to load and execute malicious code from an unauthorized location, potentially leading to a full system compromise.

The vulnerability is an argument injection flaw within the Unity Runtime. An attacker can craft a malicious argument, such as a specially formatted command-line parameter or a custom URI handler, that is passed to a Unity-based application. The application's runtime environment fails to properly sanitize this input, causing it to interpret part of the argument as a path to a library file. This allows an attacker to trick the application into loading a dynamic library (e.g., a .dll on Windows or a .so on Linux/Android) from an attacker-controlled location, resulting in arbitrary code execution with the permissions of the vulnerable application.

This vulnerability is rated as High severity with a CVSS score of 7.4. Successful exploitation could lead to arbitrary code execution on user systems, allowing an attacker to install malware, steal sensitive data (such as credentials or personal information processed by the application), or gain a foothold within the network. Given that Unity is a popular engine for games and other interactive applications, a wide range of products could be affected, posing a significant risk to both customer data and internal corporate systems if vulnerable applications are used within the organization.

Immediate Action: Identify all applications within the environment that are built on the Unity engine and determine if they are running a vulnerable version of the runtime. Apply the security updates provided by the software vendor immediately to patch the affected components. Following the update, monitor systems for any signs of post-patch exploitation attempts and review application and system access logs for indicators of compromise that may have occurred prior to patching.

Proactive Monitoring: Security teams should monitor for suspicious process execution chains originating from Unity-based applications. Specifically, look for processes attempting to load dynamic libraries from non-standard or user-writable directories (e.g., Temp folders, download directories). Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) systems should be configured to alert on unusual command-line arguments passed to known Unity applications.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Use application whitelisting solutions (like AppLocker or SELinux) to restrict the loading of unauthorized libraries. Enforce the principle of least privilege to ensure that applications and users do not have unnecessary write permissions to directories from which libraries could be loaded.

Public Exploit Available: false

This vulnerability presents a significant risk due to its high severity (CVSS 7.4) and the widespread deployment of the Unity Runtime. We strongly recommend that organizations prioritize the identification of all vulnerable applications and deploy the vendor-supplied patches without delay. Although this CVE is not currently on the CISA KEV list, its potential for arbitrary code execution makes it a critical target for attackers, and swift remediation is essential to prevent system compromise.