Android and Windows gamers worldwide potentially affected by bug in Unity game engine

Urgent Software Update Needed for Unity Engine

Gamers and game developers are being advised to update their software immediately because of a vulnerability discovered in the Unity engine, which is widely used in game development. The bug, tracked as CVE-2025-59489, could allow malicious files to take over the permissions granted to Unity games and run commands on a victim’s device.

The vulnerability primarily affects Android, Windows, Linux, and macOS systems, but does not seem to be exploitable on iOS devices or gaming consoles like Xbox, PlayStation, and Nintendo Switch. Unity has released fixes for the vulnerability and has reassured users that there has been no evidence of exploitation or impact on customers.

While the bug has not been exploited yet, the risks are significant due to the widespread use of Unity on billions of Android devices worldwide. Popular games like Pokémon GO, Genshin Impact, and Call of Duty: Mobile are built using the Unity engine.

Microsoft has advised users to temporarily uninstall vulnerable apps and games until updates are available, while Steam has announced measures to block potentially malicious command line parameters in Unity games. The bug was reported by a researcher at GMO Flatt Security during the Meta Bug Bounty Researcher Conference in June.

GMO Flatt Security praised Unity for promptly addressing the issue and emphasized the importance of collaboration in enhancing software security. Unity users are encouraged to update their software and stay vigilant to protect against potential threats.
