- Unity patches CVE-2025-59489, a high-severity flaw allowing local code execution and data exposure
- Steam and Valve update protections; publishers asked to rebuild games or patch UnityPlayer.dll
- Microsoft recommends uninstalling vulnerable Unity-built games until patches are successfully deployed
Unity has fixed a high-severity vulnerability that could have led to local code execution or information disclosure, and is now urging users to apply the patch as soon as possible.
Unity is a popular cross-platform game engine used to create 2D, 3D and VR/AR games and other interactive experiences. Many major titles have been built on this engine, including Among Us, Cuphead, Genshin Impact and others.
In a recently published security advisory, Unity said it discovered and fixed an argument injection vulnerability tracked as CVE-2025-59489, which received a severity score of 8.4/10 (high).
Unity Editor update
This flaw “could allow local code execution and access to confidential information on end-user devices running Unity-built applications,” the advisory warns.
“Code execution would be limited to the privilege level of the vulnerable application, and information disclosure would be limited to information available to the vulnerable application.”
Although there is currently no evidence of the vulnerability being exploited in the wild, the company still urges users to apply the patch as soon as possible. The fix involves either updating the Unity Editor or replacing the runtime binary with the patched version.
Other companies have already taken note. Steam, for example, updated its client to block custom URI scheme launches, preventing exploitation through its platform.
Valve, the company that created and owns Steam, has urged publishers to rebuild their games using newer versions of Unity, or at least to deploy a fixed version of the ‘unityplayer.dll’ file to their builds.
In its advisory, Microsoft went even further, telling its users to uninstall games built with the vulnerable version until the patch is deployed. Hearthstone, The Elder Scrolls: Blades, Fallout Shelter, Doom (2019), Wasteland 3 and Forza Customs are among the affected games, Microsoft added.
Via BleepingComputer