Steam warns that Unity flaws could leave gamers vulnerable
The game sales platform Steam has issued a warning after discovering a code execution vulnerability in the Unity game engine.
Steam :: Steamworks Development :: Notice for Unity Game Developers: CVE-2025-59489
Steam and Microsoft warn of Unity flaw exposing gamers to attacks
On October 3, 2025, it was announced that applications created with Unity 2017.1 or later had a vulnerability that could allow attackers to remotely attack user machines. This issue was reported as CVE-2025-59489 , and Unity quickly distributed a patch. According to Unity, there is no evidence that the vulnerability has been exploited.
This vulnerability affects multiple platforms, including Android, Windows, macOS, and Linux. Unity has urged users to 'rebuild and redeploy all affected applications.'
In response to this issue, Steam has released a Steam client update for all users that will block the launch of games that contain any of the four vulnerable command line parameters in the launch request.
Valve, the company that operates Steam, is recommending that publishers rebuild their games with a safe version of Unity or directly incorporate the fixed 'UnityPlayer.dll' file into existing builds.
Microsoft has also released a security bulletin regarding this issue, recommending that players uninstall affected games until new versions that address CVE-2025-59489 are available.
According to the company, popular game titles affected include Hearthstone, The Elder Scrolls: Blades, Fallout Shelter, DOOM: Annihilation, and Wasteland 3.
Related Posts:
