Unity Runtime unsafe file loading and local file inclusion information disclosure flaw (CVE-2025-59489)
Vulnerability
Summary
CVE-2025-59489 in Unity Runtime enables unsafe file loading and local file inclusion, creating code execution and information disclosure risk for affected Unity-built applications. Unity has released fixes, and the issue is relevant across multiple platforms including Android, Windows, macOS, and Linux. The vendor said it had seen no active exploitation as of October 2nd, but rebuild-and-redeploy guidance means the flaw still requires prompt remediation.
Related Happenings
Microsoft WinSqlite3.dll false-positive remediation
Advisory/Mitigation
First: 14.01.2026 18:44
Last: 14.01.2026 18:44
Sources 1
About this happening:
**Microsoft** resolved a **false-positive security alert** affecting **WinSqlite3.dll**, reducing incorrect vulnerability warnings on core **Windows** systems. The fix applies acr...
Steam client update blocks custom URI scheme launches to reduce exploitation
Security Tool/Service
First: 06.10.2025 16:56
Last: 06.10.2025 16:56
Sources 1
How related:
Steam has taken action by releasing a new Client update that blocks the launching of custom URI schemes to prevent exploitation through its distribution platform.
About this happening:
**Steam** released a **Client update** that blocks **custom URI scheme** launches, reducing a potential exploitation path through the platform. The change matters because it harde...
Timeline
- 06.10.2025 16:56 · 1 article · 7mo ago
Steam, Valve, and Microsoft issue mitigations
Mitigation Patch Update
Steam released a Client update that blocks launching custom URI schemes to reduce exploitation through its distribution platform, while Valve advised publishers to rebuild games with a safe Unity version or patch UnityPlayer.dll into existing builds. Microsoft also warned users to uninstall vulnerable games until updated versions addressing CVE-2025-59489 are available.
- Steam and Microsoft warn of Unity flaw exposing gamers to attacks — www.bleepingcomputer.com — 06.10.2025 16:56
- 02.10.2025 03:00 · 2 articles · 7mo ago
Unity bulletin announces CVE-2025-59489 fixes
Technical Analysis Update
Unity’s security bulletin for CVE-2025-59489 states that no active exploitation had been observed as of October 2nd and that fixes were available for out-of-support versions starting 2019.1 and later. The guidance directs developers to update the Unity Editor to the newest version, then rebuild and redeploy the application, or replace the Unity runtime binary with a patched version.
- Steam and Microsoft warn of Unity flaw exposing gamers to attacks — www.bleepingcomputer.com — 06.10.2025 16:56