Unity security issue could let hackers gain access to Windows and Android systems - here's what we know
Unity game engine is flawed, and companies are taking notice

- Unity patches CVE-2025-59489, a high-severity flaw enabling local code execution and data exposure
- Steam and Valve updated protections; publishers urged to rebuild or patch UnityPlayer.dll in games
- Microsoft recommends uninstalling vulnerable Unity-built games until fixes are properly deployed
Unity has fixed a high-severity vulnerability which could have led to local code execution or information disclosure, and is now urging users to apply the patch as soon as possible.
Unity is a popular cross-platform game engine used to create 2D, 3D, and VR/AR games and other interactive experiences. Many major titles were built on this engine, including Among Us, Cuphead, Genshin Impact, and others.
In a recently published security advisory, Unity said it uncovered and fixed an argument injection vulnerability tracked as CVE-2025-59489, which was given a severity score of 8.4/10 (high).
Updating Unity Editor
This flaw “could allow local code execution and access to confidential information on end user devices running Unity-built applications,” the advisory warns.
“Code execution would be confined to the privilege level of the vulnerable application, and information disclosure would be confined to the information available to the vulnerable application.”
While there is currently no evidence the vulnerability is being exploited in the wild, the company is still urging users to apply the fix as soon as possible. The fix is either to update the Unity Editor or to replace the runtime binary with the clean version.
Other companies have already taken note. Steam, for example, updated its Client to block custom URI scheme launches, preventing exploitation through its platform.
Valve, the company which created and owns Steam, urged publishers to rebuild their games using newer versions of Unity, or to at least deploy a fixed version of the ‘UnityPlayer.dll’ file to their builds.
In its advisory, Microsoft has even taken things a step further, telling its users to uninstall games that were built with the vulnerable version until the fix is deployed. Hearthstone, The Elder Scrolls: Blades, Fallout Shelter, DOOM (2019), Wasteland 3, and Forza Customs are among the flawed games, Microsoft added.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.