Critical Unity Flaw CVE-2025-59489 Exposes Games Built Since 2017 to Local Code Execution
Researcher RyotaK of GMO Flatt Security discovered a serious vulnerability in the Unity game engine, tracked as CVE-2025-59489, that lets a co-resident application on the same device inject additional command-line parameters into a Unity game at launch, creating an avenue to load malicious code inside the game process. The analysis was performed on Android devices, but the researcher warns that the flaw affects builds for other platforms as well and, in narrow scenarios, could theoretically be reached via a browser or remotely.
The root cause lies in runtime code that the Unity Editor compiles into every build: affected builds were produced by every editor version from 2017.1 onward, meaning virtually every Unity game released over the past eight years may be exposed. The fix is not a server-side change. Developers must rebuild their projects with a patched editor and ship updated game builds that no longer honour tampered launch parameters, and users remain exposed until that updated build is actually installed. Unity has already released a fix, yet the engine's vast install base means comprehensive remediation will take time.
Platform responses were swift: Valve changed the Steam client to block the launch of Unity titles when certain command-line parameters known to be abused in this attack are present, while Microsoft warned that Windows games are at elevated risk and advised removing vulnerable applications until proper updates arrive. Platform representatives clarified that Xbox executables are unaffected, but Windows PC users should exercise caution. Over the weekend some developers began shipping patched releases, but most projects still require recompilation and redistribution.
Exploitation is judged relatively straightforward: a low-privilege attacker need only run an application on the same system that appends launch parameters and coerces the Unity game into loading a malicious module, so the payload then executes with the game's privileges and data access. The combination of easy exploitation and Unity's ubiquity yields a broad attack surface, spanning indie titles to high-profile AAA games. Security teams warn that active exploitation may emerge soon, and users on PC and Android alike are urged to monitor developer patches and storefront policies closely.
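The storefront-side mitigation described above (refusing to launch a game when dangerous launch parameters are present) can be illustrated with a small launcher-side filter. The following is an added example, not code from Unity, Valve, Microsoft or the researcher: it applies an allowlist to a launch argument vector and rejects anything that names a native module. The flag names, the module suffixes and the `filter_launch_args` / `safe_to_launch` helpers are assumptions made for the illustration; the real parameters abused by the attack are not named on this page.

```python
"""Launcher-side allowlist for game launch parameters (added example).

Assumptions: the allowed flag names below are hypothetical stand-ins, not the
real Unity parameters from the advisory, and a "native module" is any argument
ending in a shared-library suffix for the three desktop platforms plus Android.
"""
from typing import List, Tuple

# Hypothetical parameters a launcher is willing to forward to the game.
ALLOWED_FLAGS = {
    "-screen-width",
    "-screen-height",
    "-screen-fullscreen",
    "-force-vulkan",
}
# Subset of the allowed flags that consume the next argument as a value.
FLAGS_WITH_VALUE = {"-screen-width", "-screen-height", "-screen-fullscreen"}

# Suffixes that indicate an argument names native code the process could load
# (.so covers Linux and Android, .dll Windows, .dylib macOS).
NATIVE_MODULE_SUFFIXES = (".so", ".dll", ".dylib")


def looks_like_native_module(value: str) -> bool:
    """True if the argument names a loadable native library by file suffix."""
    return value.lower().endswith(NATIVE_MODULE_SUFFIXES)


def filter_launch_args(argv: List[str]) -> Tuple[List[str], List[str]]:
    """Split argv into (forwarded, rejected).

    Unknown flags are rejected rather than passed through, so a parameter the
    launcher has never heard of cannot reach the game. A value that names a
    native module is rejected together with the flag that would consume it.
    """
    forwarded: List[str] = []
    rejected: List[str] = []
    i = 0
    while i < len(argv):
        arg = argv[i]
        if looks_like_native_module(arg):
            rejected.append(arg)
            i += 1
            continue
        if arg not in ALLOWED_FLAGS:
            rejected.append(arg)
            i += 1
            continue
        if arg in FLAGS_WITH_VALUE:
            has_value = i + 1 < len(argv) and not argv[i + 1].startswith("-")
            if has_value and not looks_like_native_module(argv[i + 1]):
                forwarded.extend([arg, argv[i + 1]])
                i += 2
            else:
                # Missing value, or a value pointing at native code: drop the flag.
                rejected.append(arg)
                i += 1
            continue
        forwarded.append(arg)
        i += 1
    return forwarded, rejected


def safe_to_launch(argv: List[str]) -> bool:
    """Mirror the 'refuse to launch when dangerous parameters are present' policy."""
    _, rejected = filter_launch_args(argv)
    return not rejected


if __name__ == "__main__":
    # Constructed sample launch lines, not captured from any real game.
    benign = ["-screen-width", "1920", "-force-vulkan"]
    hostile = ["-screen-width", "1920", "-load-plugin", "/data/local/tmp/libevil.so"]
    print("benign :", filter_launch_args(benign), safe_to_launch(benign))
    print("hostile:", filter_launch_args(hostile), safe_to_launch(hostile))
```

Rejecting unknown flags outright, rather than maintaining a denylist of known-bad ones, is the design choice that matters: a denylist has to be updated every time a new parameter is found to be abusable, while an allowlist fails closed by default.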