Code Execution Vulnerability in Unity Game Engine Affects Multiple Platforms
Summary
Hide ▲
Show ▼
A code execution vulnerability in the Unity game engine (CVE-2025-59489) allows arbitrary code execution on Android and privilege escalation on Windows. The flaw affects games built with Unity versions since 2017.1. Steam and Microsoft have issued warnings and patches to mitigate the risk. The vulnerability enables malicious apps on Android to execute code with the privileges of the target game. On Windows, macOS, and Linux, similar exploitation paths exist. Unity has released patches for supported versions, but older unsupported versions remain vulnerable.
Timeline
-
06.10.2025 16:56 1 articles · 13h ago
Unity Game Engine Vulnerability (CVE-2025-59489) Disclosed
A code execution vulnerability in the Unity game engine (CVE-2025-59489) was discovered in May 2025. The flaw affects games built with Unity versions since 2017.1 and allows arbitrary code execution on Android and privilege escalation on Windows. Steam and Microsoft have issued warnings and patches to mitigate the risk. Unity has released fixes for supported versions, but older unsupported versions remain vulnerable.
Show sources
- Steam and Microsoft warn of Unity flaw exposing gamers to attacks — www.bleepingcomputer.com — 06.10.2025 16:56
Information Snippets
-
The Unity game engine vulnerability (CVE-2025-59489) allows code execution on Android and privilege escalation on Windows.
First reported: 06.10.2025 16:561 source, 1 articleShow sources
- Steam and Microsoft warn of Unity flaw exposing gamers to attacks — www.bleepingcomputer.com — 06.10.2025 16:56
-
The flaw affects Unity versions starting from 2017.1 and is present in games built with these versions.
First reported: 06.10.2025 16:561 source, 1 articleShow sources
- Steam and Microsoft warn of Unity flaw exposing gamers to attacks — www.bleepingcomputer.com — 06.10.2025 16:56
-
Steam has released an update to block custom URI schemes to prevent exploitation.
First reported: 06.10.2025 16:561 source, 1 articleShow sources
- Steam and Microsoft warn of Unity flaw exposing gamers to attacks — www.bleepingcomputer.com — 06.10.2025 16:56
-
Microsoft has warned users to uninstall vulnerable games until patches are available.
First reported: 06.10.2025 16:561 source, 1 articleShow sources
- Steam and Microsoft warn of Unity flaw exposing gamers to attacks — www.bleepingcomputer.com — 06.10.2025 16:56
-
Popular games like Hearthstone, The Elder Scrolls: Blades, and Fallout Shelter are affected.
First reported: 06.10.2025 16:561 source, 1 articleShow sources
- Steam and Microsoft warn of Unity flaw exposing gamers to attacks — www.bleepingcomputer.com — 06.10.2025 16:56
-
Unity has released patches for versions starting from 2019.1, but older versions are not supported.
First reported: 06.10.2025 16:561 source, 1 articleShow sources
- Steam and Microsoft warn of Unity flaw exposing gamers to attacks — www.bleepingcomputer.com — 06.10.2025 16:56
-
The vulnerability was discovered by GMO Flatt Security’s researcher RyotaK in May 2025.
First reported: 06.10.2025 16:561 source, 1 articleShow sources
- Steam and Microsoft warn of Unity flaw exposing gamers to attacks — www.bleepingcomputer.com — 06.10.2025 16:56