
- Unity patches CVE-2025-59489, a high-severity flaw enabling local code execution and data exposure
- Steam and Valve updated protections; publishers urged to rebuild or patch UnityPlayer.dll in games
- Microsoft recommends uninstalling vulnerable Unity-built games until fixes are properly deployed
Unity has fixed a high-severity vulnerability that could have led to local code execution or information disclosure, and is now urging users to apply the patch as soon as possible.
Unity is a popular cross-platform game engine used to create 2D, 3D, and VR/AR games and other interactive experiences. Many major titles were built on this engine, including Among Us, Cuphead, Genshin Impact, and others.
In a recently published security advisory, Unity said it uncovered and fixed an argument injection vulnerability tracked as CVE-2025-59489, which was given a severity score of 8.4/10 (high).
Updating Unity Editor
This flaw “could allow local code execution and access to confidential information on end user devices running Unity-built applications,” the advisory warns.
“Code execution would be confined to the privilege level of the vulnerable application, and information disclosure would be confined to the information available to the vulnerable application.”
While there is currently no evidence the vulnerability is being exploited in the wild, the company is still urging users to apply the fix as soon as possible. The fix involves either updating the Unity Editor or replacing the runtime binary with the clean version.
Other companies have already taken note. Steam, for example, updated its client to block custom URI scheme launches, preventing exploitation through its platform.
Valve, the company that created and owns Steam, urged publishers to rebuild their games using newer versions of Unity, or to at least deploy a fixed version of the ‘UnityPlayer.dll’ file to their builds.
In its advisory, Microsoft has gone a step further, telling its users to uninstall games that were built with the vulnerable version until the fix is deployed. Hearthstone, The Elder Scrolls: Blades, Fallout Shelter, DOOM (2019), Wasteland 3, and Forza Customs are among the affected games, Microsoft added.
Via BleepingComputer