Unity Security Flaw Prompts Urgent Updates for Developers and Players
A security vulnerability within the Unity game engine, potentially allowing attackers to execute code and steal data, has been disclosed, prompting a wave of updates from developers and platform holders. Unity is urging developers who used versions 2017.1 or later to build games and applications for Windows, Android, or macOS to take action. The flaw is in the Unity Runtime code and potentially impacts applications built with affected versions of the Unity Editor.
The vulnerability, tracked as CVE-2025-59489, could allow an adversary to execute code on a user’s machine and exfiltrate confidential details if an application was built with the vulnerable code. While Unity has acknowledged the issue, it states that no exploitation has been found on iOS, visionOS, tvOS, Xbox, Nintendo Switch, PlayStation, UWP, Quest, and WebGL platforms. “Platform partners” have also “taken further steps to secure their platforms and protect end users,” according to Microsoft’s David Hryb, who first reported the issue.
Valve has already released a new version of Steam with mitigations for the exploit, and Microsoft Defender has been updated to detect and block the vulnerability on Windows. Google and Meta have also taken steps to address the issue.
Several developers have proactively responded by temporarily removing games from digital storefronts or releasing updates. Obsidian Entertainment pulled Grounded 2 Founders Edition, Avowed Premium Edition, Pillars of Eternity: Hero Edition, Pillars of Eternity II: Deadfire, and Pentiment until updates can be implemented. Marvel Snap, No Rest for the Wicked, Ingress, and Fate/Grand Order have all received updates, and Atlus announced an update is coming for Persona 5: The Phantom X.