CVE-2025-59489 MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability

Unity announced a security vulnerability (CVE-2025-59489) that is affecting games or applications built with the Unity Gaming Engine Editor (version 2017.1 or later).

You may be using a Microsoft app or playing a Microsoft game that should be uninstalled until an update is available. We are working to update games and applications that are potentially affected by this Unity vulnerability.

In most cases, you can stay safe by ensuring your games and applications are up to date and Microsoft Defender is running on your device.

If you have downloaded a vulnerable game or app (see list below) on one of the following platforms, you could be at risk:

• Android
• Windows
• Linux (Desktop)
• Linux (embedded)
• MacOS

We have confirmed the following are not impacted:

• Xbox consoles
• Xbox Cloud Gaming
• iOS
• HoloLens

Recommended Next Steps:

For Developers: Unity has made a fix available to developers. Organizations who believe that they have an app or game that might be impacted should reference Unity guidance and update their apps/games as soon as possible. You can learn more from Unity here.

For Players and Customers: Microsoft security and game development teams are working to update any game or application that is potentially affected by this Unity vulnerability.

If a Microsoft-owned game or application is not listed and you have installed all available updates, no further action is required. For customers who have automatic updates enabled, fixes will be deployed as they become available. If you have automatic updates turned off, please check to see if you have any updates available for your downloaded apps and games and install the latest update on your device.

Customers who have an impacted app or game installed (see below list) are encouraged to take these steps:

• Temporarily uninstall any impacted Microsoft apps or games until an update is available. For more guidance on how to uninstall, please see the FAQs below.
• Use an up-to-date version of Microsoft Defender to detect and block attempts to exploit this vulnerability.
• Follow guidance from Unity or your platform provider.
• Microsoft-owned games and apps affected by this vulnerability and their requisite updates are documented in the Security Updates Table.

For Microsoft Mesh Apps Users

In response to this CVE that is affecting applications built with the Unity Gaming Engine Editor (version 2017.1 or later), Microsoft has released a required security update for the Microsoft Mesh PC applications. We strongly encourage all users with the Microsoft Mesh apps installed on their devices to promptly update to the latest version of these apps, version 5.2513.3.0 or greater. If you have automatic updates enabled for these apps on all devices, no further action is required.

While we do not expect this to affect the functionality of any previously-scheduled events in Microsoft Mesh, use of the immersive spaces in Microsoft Teams meetings, or immersive events in Microsoft Teams, users will be required to update the Mesh PC apps before joining newly scheduled events in Mesh. We are informing you of this now so that you can mitigate any disruptions this may introduce to your events.

Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59489