A critical vulnerability in the Unity game engine allows remote code execution and privilege escalation across multiple platforms, impacting popular games and real-time applications. Developers and users are urged to update their Unity versions to mitigate the risk, and Valve and Microsoft have issued official advisories. #CVE-2025-59489 #UnityVulnerability
Key points
- The vulnerability affects Unity engine versions starting from 2017.1 and can lead to code execution on Android and privilege escalation on Windows.
- The exploit involves unsafe file loading and local file inclusion, allowing malicious apps or files to execute arbitrary code.
- Valve and Microsoft have issued advisories recommending updates or temporary uninstallation of affected games like Hearthstone and DOOM.
- Unity has released patches for supported versions, but older, unsupported versions remain vulnerable.
- The root cause is improper validation in the handling of command-line arguments within Unity's runtime, affecting multiple platforms.