- Unity patches CVE-2025-59489, a high-severity flaw that enables local code execution and data exposure
- Steam and Valve updated protections; publishers urged to rebuild their games or patch unityplayer.dll
- Microsoft recommends uninstalling vulnerable games built with Unity until the fixes are properly implemented
Unity has fixed a high-severity vulnerability that could have led to local code execution or information disclosure, and now urges users to apply the patch as soon as possible.
Unity is a popular multiplatform game engine used to create 2D, 3D and VR/AR games and other interactive experiences. Many major titles were built on this engine, including Among Us, Cuphead, Genshin Impact and others.
In a recently published security advisory, Unity said it discovered and fixed an argument injection vulnerability tracked as CVE-2025-59489, which received a severity score of 8.4/10 (high).
Updating the Unity editor
This flaw “could allow local code execution and access to confidential information on end-user devices running applications built with Unity”, the advisory warns.
“Code execution would be limited to the privilege level of the vulnerable application, and information disclosure would be limited to the information available to the vulnerable application.”
Although there is currently no evidence that the vulnerability is being exploited in the wild, the company still urges users to apply the fix as soon as possible. The fix involves updating the Unity editor or replacing the runtime binary with the patched version.
Other companies have already taken note. Steam, for example, updated its client to block custom URI launches, preventing exploitation through its platform.
Valve, the company that created and owns Steam, urged publishers to rebuild their games using the newer versions of Unity, or at least ship a fixed version of the ‘unityplayer.dll’ file in their builds.
In its advisory, Microsoft has taken things one step further, telling its users to uninstall games that were built with the vulnerable version until the fix is implemented. Hearthstone, The Elder Scrolls: Blades, Fallout Shelter, Doom (2019), Wasteland 3 and Forza Customs are among the affected games, Microsoft added.
Via BleepingComputer