Gamers and game developers have long faced security challenges from design vulnerabilities that bad actors exploit. This time, the Unity engine, the world’s most popular games development tool, has a bug that can be exploited.
The bug, tracked as CVE-2025-59489 on 3 October, affects certain apps built using affected versions of Unity, exposing them to attacks that could execute arbitrary code.
According to the company, the vulnerability affects primarily Android and Windows devices, exposing gamers to risks.
How it works
The bug allows malicious files to hijack permissions granted to a Unity game and run commands using the app’s permissions on a victim’s device.
In a warning, the company said the vulnerability could allow “access to confidential information on end user devices running unity-built applications.”
“There is no evidence of any exploitation of the vulnerability nor has there been any impact on users or customers. Unity has provided fixes that address the vulnerability and they are already available to all developers.”
Although the vulnerability also affects Linux and macOS systems, it doesn’t seem to be exploitable on iOS devices, nor in games on Xbox, PlayStation or Nintendo Switch, hence the concern for just Android and Windows users.
The Unity engine has a big influence on the gaming industry, which makes this bug a concern even though there’s no record of exploitation.
Some popular games built with the tool include Pokémon GO, Genshin Impact and Call of Duty: Mobile.
The bug was first reported during the Meta Bug Bounty Researcher Conference in June by RyotaK, a researcher at Japanese cybersecurity company GMO Flatt Security, which said:
“We appreciate Unity’s commitment to addressing this issue promptly and their ongoing efforts to enhance the security of their platform. Security vulnerabilities are an inherent challenge in software development, and by working together as a community, we can continue to make software systems safer for everyone.”
As a precaution, Microsoft has advised that affected Microsoft apps and games be uninstalled until there’s an update, but suggested that updating the apps and using Microsoft Defender could keep them safe.