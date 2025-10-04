A years-old security vulnerability discovered in the game engine Unity has sent developers scrambling to update their games, with some even pulling titles from sale.

On Friday, Unity urged game developers to take “immediate action” to mitigate the vulnerability, which is reportedly present in all versions of Unity games released since 2017.

According to Unity, there is “no evidence of any exploitation of the vulnerability”, nor has there been “any impact on users or customers”.

“We have proactively provided fixes that address the vulnerability, and they are already available to all developers,” it said.

Unity’s partners have also deployed their own remedies, it said. Microsoft Defender has been updated and will detect and block the vulnerability, while Valve will issue additional protections via its Steam Client.

Unity just sent out an email telling everyone who released a game between 2017 and today that they need to recompile and republish their games due to a security vulnerability. Yikes. CVE-2025-59489 pic.twitter.com/uXgGFMsvFV — George Deglin (@gdeglin) October 3, 2025

When Unity discovers a vulnerability 2 weeks before your game release.

And updating to the patched version breaks all your shaders and half of your game...

That's going to be the best 2 weeks of my life...

🤯🤯🤯#gamedev #indiegame #IndieGameDev #panic #unity pic.twitter.com/mTGYEfzyoF — Fire Hero - 🔥Wishlist on Steam🔥 (@Ravenlore_stu) October 3, 2025

The warning has sent developers scrambling to update their games, new and old. Some major titles, including Marvel Snap and Among Us, have already issued patches.

However, Obsidian has pulled four games from digital stores entirely, including Grounded 2, Avowed, and Pentiment, while it implements updates.

At the time of publishing, the vulnerability has a Common Vulnerability Scoring System (CVSS) of 7.4 out of a possible 10, which means it’s of high severity.

According to a CVE analysis of the Unity vulnerability, “if an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running.”