Summary: A security vulnerability was identified that affects games and applications built on Unity versions 2017.1 and later for Android, Windows, Linux, and macOS operating systems. There is no evidence of any exploitation of the vulnerability, nor has there been any impact on users or customers. This article explains what actions you need to take if you have developed and released a game using Unity 2017.1 or later for Windows, Android, Linux, or macOS.
Symptoms:
I’ve heard about a vulnerability with Unity. How do I know my games/apps are safe?
Do I need to update my games/apps because of the security vulnerability?
How do I apply the security patch to my Unity games and apps?
How do I update my games and apps with the latest Unity security update?
Cause:
A security vulnerability was identified that affects games and applications built on Unity versions 2017.1 and later for Android, Windows, Linux, and macOS operating systems. There is no evidence of any exploitation of the vulnerability, nor has there been any impact on users or customers.
We have proactively provided fixes that address the vulnerability, and they are already available to all developers. In addition, our platform partners have taken further steps to secure their platforms.
We have patched and released an update for each major and minor version of Unity starting with 2019.1. For developers with projects built using 2017.x or 2018.x, the only solution is to use our new standalone patching tool, which can patch already built applications.
Unity is dedicated to the security and integrity of our platform, our customers, and the wider community.
Resolution:
You need to take action if you have developed and released a game or application using Unity 2017.1 or later for Windows, Android, or macOS. It is imperative that you review the following guidance to ensure the continued safety of your users.
If your project is still in active development (Editor versions 2019.x+):
Update your Unity Editor to the latest patched release (available via Unity Hub or the Unity Download Archive) before continuing to build and publish. This will ensure that your releases are fully protected. We have patched and released an update for each major and minor version of Unity, starting with Unity 2019.1.
To rebuild your application with a patched Unity Editor version:
- Download the latest release of the Unity Editor that matches the Unity version your application was built with (e.g., Unity 6, Unity 2022):
  a) Unity Hub
- Open your project in the updated Editor (be sure to make a backup).
- Rebuild and retest your application.
- Republish to your distribution channels (if applicable).
For more comprehensive technical details, please consult our developer remediation guide.
If your project was built using Editor versions 2017.x or 2018.x:
If you are using an older version (2017.x or 2018.x), we have released a dedicated patching tool that lets you quickly and easily update your existing executables. After applying the patch, redistribute your application through your chosen channels. For more comprehensive technical details, please consult our developer remediation guide.
For Android or Windows Applications, some additional protections are being put in place:
If your Android application is distributed via Google Play, other third-party Android app stores, or direct download: As an additional layer of defense, Android’s built-in malware scanning and other security features will help reduce risks to users posed by this vulnerability. This does not replace the time-critical need to apply the patch update for affected apps. (These protections do not apply to Android Open Source Project (AOSP)-based platforms unaffiliated with Google.)
If your application targets Windows: For Windows-based applications, Microsoft Defender has been updated and will detect and block the vulnerability. Valve will issue additional protections for the Steam client.
If your application uses tamper-proofing or anti-cheat solutions:
You will need to rebuild your project with the patched update for your version of the Unity Editor and redeploy to maintain these protections. Patching your existing application isn’t possible because it will trip the tamper protection.
To rebuild your application with a patched Unity Editor version:
- Download the latest release of the Unity Editor that matches the Unity version your application was built with (e.g., Unity 6, Unity 2022):
  a) Unity Hub
- Open your project in the updated Editor (be sure to make a backup).
- Rebuild and retest your application.
- Republish to your distribution channels.
For more comprehensive technical details, please consult our developer remediation guide.
Additional Platforms:
For Horizon OS: Meta devices have implemented mitigations so that vulnerable Unity apps running on Horizon OS cannot be exploited.
For Linux: The vulnerability presents a much lower risk on Linux compared to Android, Windows, and macOS.
For all other Unity-supported platforms including iOS, there have been no findings to suggest that the vulnerability is exploitable.
For the best protection, we always recommend staying on the latest patch release of the version of Unity you are using.
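The decision rules above, collected into a triage script for a portfolio of shipped builds. This is an added example, not Unity's tooling: the `Build` record, the action labels, and the sample inventory are constructed for illustration. It only selects the remediation path from the version stream and platform named in this article and does not check whether a build is already patched.

```python
import re
from typing import NamedTuple

# Platforms this article lists as affected (lower-cased for comparison).
AFFECTED_PLATFORMS = {"android", "windows", "linux", "macos"}
FIRST_AFFECTED = (2017, 1)   # "Unity versions 2017.1 and later"
FIRST_PATCHED = (2019, 1)    # patched Editor releases start with 2019.1

class Build(NamedTuple):     # hypothetical inventory record
    name: str
    unity_version: str       # e.g. "2018.4.36f1" or "6000.0.23f1" (Unity 6)
    platform: str
    tamper_protected: bool   # ships with tamper-proofing or anti-cheat

def parse_stream(version):
    """Return (major, minor) from a Unity version string."""
    m = re.match(r"\s*(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Unity version: {version!r}")
    return int(m.group(1)), int(m.group(2))

def triage(build):
    stream = parse_stream(build.unity_version)
    if build.platform.lower() not in AFFECTED_PLATFORMS or stream < FIRST_AFFECTED:
        return "NOT_LISTED_AS_AFFECTED"
    if stream >= FIRST_PATCHED:
        # Covers tamper-protected builds too: a rebuild keeps protection intact.
        return "REBUILD_WITH_PATCHED_EDITOR"
    if build.tamper_protected:
        # 2017.x/2018.x have no patched Editor, and the patching tool trips
        # tamper protection; the article gives no path for this combination.
        return "MANUAL_REVIEW"
    return "APPLY_PATCHING_TOOL"

def triage_inventory(builds):
    return {b.name: triage(b) for b in builds}

# Constructed sample inventory (names and versions are illustrative).
SAMPLE = [
    Build("legacy-runner", "2018.4.36f1", "Android", False),
    Build("legacy-arena", "2017.4.40f1", "Windows", True),
    Build("live-title", "6000.0.23f1", "macOS", True),
    Build("ios-port", "2022.3.10f1", "iOS", False),
    Build("old-demo", "5.6.7f1", "Windows", False),
]

if __name__ == "__main__":
    for name, action in triage_inventory(SAMPLE).items():
        print(f"{name:16} {action}")
```
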
Consumer guidance:
There is no evidence of any exploitation of the vulnerability, nor has there been any impact on users or customers.
Advise your users to keep their devices and applications updated, enable automatic updates, and maintain current antivirus software.
Encourage security best practices, including avoiding suspicious downloads and routinely updating all software.
For more comprehensive technical details, please consult our patching tool and remediation guide, Security Advisory, and CVE-2025-59489. If you have any questions, join us in Discussions, or if you need additional support, contact the Customer Experience team.
Your proactive attention to this matter is essential to protect your users and allow you to uphold the highest standards of security.