- Unity patches CVE-2025-59489, a high-severity flaw enabling local code execution and data exposure
- Steam and Valve updated protections; publishers urged to rebuild games or patch UnityPlayer.dll
- Microsoft recommends uninstalling vulnerable Unity-built games until fixes are properly implemented
Unity has fixed a high-severity vulnerability that could have led to local code execution or information disclosure, and is now urging users to apply the patch as soon as possible.
Unity is a popular cross-platform game engine used to create 2D, 3D and VR/AR games and other interactive experiences. Many well-known titles were built on this engine, including Among Us, Cuphead, Genshin Impact and others.
In a recently published security advisory, Unity said it disclosed and fixed an argument injection vulnerability tracked as CVE-2025-59489, which received a severity score of 8.4/10 (high).
Updating Unity Editor
This flaw “could allow local code execution and access to confidential information on end-user devices running Unity-built applications,” the advisory warns.
“Code execution would be limited to the privilege level of the vulnerable application and information disclosure would be limited to the information available to the vulnerable application.”
Although there is currently no evidence that the vulnerability is being exploited in the wild, the company still encourages users to apply the fix as soon as possible. The fix involves either updating the Unity Editor or replacing the runtime with a clean version.
Other companies have already taken note. For example, Steam updated its client, which now blocks custom URI schemes, preventing exploitation through its platform.
Valve, the company that created and owns Steam, urged publishers to rebuild their games using recent versions of Unity or at least add a fixed version of the ‘UnityPlayer.dll’ file to their builds.
In its advisory, Microsoft went a step further and asked its users to uninstall games that were built with the vulnerable version until the fix is implemented. Hearthstone, The Elder Scrolls: Blades, Fallout Shelter, Doom (2019), Wasteland 3 and Forza Customs are among the affected games, Microsoft added.
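To act on the guidance above, an administrator first needs to know which installed games ship the Unity runtime file. The following is an added example, not code from Unity, Valve or Microsoft: it walks a game library, hashes every UnityPlayer.dll it finds and groups installs by runtime build. The function names, the `verified_patched` set and the sample tree are assumptions made for illustration; a hash missing from that set means only that the build has not been checked, not that it is vulnerable.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

RUNTIME_NAME = "unityplayer.dll"  # runtime file named in Valve's guidance (matched case-insensitively)

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large runtimes are not loaded into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def inventory(roots, verified_patched=frozenset()):
    """Map each runtime hash to its install directories and a review status.
    verified_patched is an assumption of this example: SHA-256 values the operator
    took from runtimes they have confirmed as fixed. The article lists none.
    """
    groups = defaultdict(list)
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() != RUNTIME_NAME:
                    continue
                try:
                    digest = sha256_of(os.path.join(dirpath, name))
                except OSError:
                    digest = "unreadable"  # still report the install for manual review
                groups[digest].append(dirpath)
    return {d: {"status": "verified-patched" if d in verified_patched else "needs-review",
                "installs": sorted(dirs)} for d, dirs in groups.items()}

def build_sample_library(base):
    """Constructed sample tree: GameA and GameB share one runtime build, GameC has another."""
    for game, content in (("GameA", b"old-build"), ("GameB", b"old-build"), ("GameC", b"new-build")):
        os.makedirs(os.path.join(base, game))
        with open(os.path.join(base, game, "UnityPlayer.dll"), "wb") as fh:
            fh.write(content)
    return hashlib.sha256(b"new-build").hexdigest()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as lib:
        patched = build_sample_library(lib)
        for digest, info in inventory([lib], {patched}).items():
            print(info["status"], digest[:12], info["installs"])
```

Grouping by hash shows how many distinct runtime builds are present, so each build only has to be checked once against the publisher's or Unity's fixed release.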
Via BleepingComputer



