Nikecat18
Seasoned Newcomer
29 days ago

Security Vulnerability - PC Client & Android App

Earlier this month Unity released an announcement regarding the exploit, CVE-2025-59489, which allows arbitrary code execution through Unity with the permissions granted on the host device and has existed in every version of Unity since 2017. This means malicious code could use the PC Client and Android App to steal information or worse from devices where it is installed. The platforms it is affecting are: Windows, macOS, Android, and Linux.

Unity has released a Remediation guide for developers to patch their games and remove this exploit.

However, at least for the PC Client, the Unity version has not been patched; it is running 2022.3.62f1, which is a Susceptible Version.

I have not seen any information posted regarding a timeline or action being taken to address this situation and hope that there is something happening in the background because right now anyone who is playing the game on these platforms is at risk.

I hope to see this fixed as soon as possible,

N

3 Replies

  • You really don't know much about this, do you? The patch has only been available since 2/10, and the CVE itself a day later, and if you were security conscious you would have an AV scanner that protects against this, and would have checked and then would really not be stressing about this.

    It will be fixed, but your fantasy timeline as to how you think it should work is nonsensical, as the process is not as simple as you think it should be, particularly as by the game's nature 3 separate platforms need to be patched, tested and republished.

  • Nikecat18
    Seasoned Newcomer
    28 days ago

    DUNCAN1919 The CVE was published 10/3... https://nvd.nist.gov/vuln/detail/CVE-2025-59489 Unity didn't disclose this until they had come up with a patch to close it. (Edit: realized your 3/10 original post meant October 3rd, not March 10th, so disregard the above.)

    An anti-virus/anti-malware would do jack against this exploit; it allows low-level privileged attacks to happen. (That you said AV scanner instead of Defender is telling...)

    My fantasy timeline? Activision/Blizzard already patched Hearthstone. Unity provided a step-by-step solution for devs to follow.

    Microsoft literally advises uninstalling any Unity games until they are patched; Steam blocked Unity-based games from launching if they were susceptible. So please tell me that you know better than them and we should not be stressing.
