Unity Security Update Advisory (CVE-2025-59489)

Orphaned Punk · Oct 3, 2025

Supposidely, 25% of games sold and 50% of games published to steam are made with Unity. (Link) (Archived via PDF (Sorry!))
Supposidely, the market share for mobile is even larger.

John Badman · Oct 3, 2025

Huh, I didn’t know there was such a thing as safe file handling given that Unity hard crashes every time I use the damn thing.

George Lucas · Oct 3, 2025

This wouldn’t be so bad if Unity wasn’t positioning itself as a business-grade tool for enterprise applications.

30+GameOvers · Oct 5, 2025

Realistically, how can this even be exploited? Does this mean that, say, an old Unity game that isn't going to be updated can now be fucked with? Does this even matter for offline games?

Borax Bozo · Oct 5, 2025

30+GameOvers said:
Realistically, how can this even be exploited? Does this mean that, say, an old Unity game that isn't going to be updated can now be fucked with? Does this even matter for offline games?

Someone pointed out that games that run custom content (such as Steam Workshop entries) could end up getting exploited by a malicious upload.

Croak & Caw · Oct 5, 2025

Borax Bozo said:
Someone pointed out that games that run custom content (such as Steam Workshop entries) could end up getting exploited by a malicious upload.

Could probably affect people who pirate too.

PhoBingas · Oct 5, 2025

Croak & Caw said:
Could probably affect people who pirate too.

might even effect pirates more. More often than not it's not the most recent patch that's up on torrent sites, or have malicious shit added. Didn't that EMPRESS cracker lose their mind a couple years ago and started spouting radfem/troon shit?

Nameless One · Oct 5, 2025

My wifi source is a shitty hotspot, and I downloaded Hollow Knight and Silksong's unofficial android ports. I will take my risks because I am not about to fucking redownload them.

BigGuyOS 6 : Jovial Janny · Oct 5, 2025

So could this impact console?
It would be pretty sweet if it led to a universal crack for all current gen consoles and lead to CFW.
It's a local file attack, so loading a modified save file?

Smaug's Smokey Hole 2 · Oct 5, 2025

Croak & Caw said:
Could probably affect people who pirate too.

When installing the game it already asks you to approve elevated privileges so you're already taking your chances there.

Prokhor Zakharov · Oct 5, 2025

Orphaned Punk said:
which could enable local code execution or information disclosure at the privilege level of the vulnerable application.

Other IT kiwi's will know this is less of a problem than it could have been. Most game's (except the ones that run anti-cheat bullshit) run in userland with user level privileges, which for Linux in particular is quite restricted (in Windows it will have a little more access).

Still a problem given user level access to the file system is still rather extensive, and could lead to exfiltration of sensitive information for the user.

This might help explain some of the problems I've heard about recently with tokens being stolen using pirated games from end users where there was no known security compromise.

Professional Noticer · Oct 5, 2025

Im really surprised Unity is such a big deal in game development considering the pricing shit they pulled off a few years ago. I know they reverted it but I will never trust them again.
I would figure most of devs would have switched to UE or Godot, but I assume they didn't because they are used to Unity. A lot of skills are transferable but it's of course its not that simple.

I do some minor game jams here and there and I always use Godot, its really lightweight and easy to use. It's also open source so its constantly improving even if its still rough.
I understand that for AAA companies it might not be enough, but its pretty good for smaller indie projects, which is literally 95% of the games I play nowadays. I recommend anyone interested in game dev to start with it.

Prokhor Zakharov · Oct 6, 2025

Professional Noticer said:
I would figure most of devs would have switched to UE or Godot, but I assume they didn't because they are used to Unity. A lot of skills are transferable but it's of course its not that simple.

I think I remember something happening with Godot, it was taken over by trannies, or something like that. So that's not a viable option any longer.

deleuzeon · Oct 6, 2025

Professional Noticer said:
I would figure most of devs would have switched to UE or Godot, but I assume they didn't because they are used to Unity.

Godot would be much smarter for most of them business-wise, since it's open-source and has no licensing fees. If you succeed with Unity you will pay for the privilege. If you even release with UE you'll have to share your books with Epic for the rest of your life. Fun!

Prokhor Zakharov said:
I think I remember something happening with Godot, it was taken over by trannies, or something like that. So that's not a viable option any longer.

Lol. If that's how someone is choosing the engine for their game project then they're probably ngmi.

Croak & Caw · Oct 6, 2025

Prokhor Zakharov said:
I think I remember something happening with Godot

Godot team is full of trannies and lunatics as far as I remember. It got forked to Redot and trannies went rabid* for a while, but I think things calmed down for now. If the fork doesn't die I'll check it out. I tried Godot a while back and it felt really messy.

Made In Wales · Oct 6, 2025

Oh dear.

The new Football Manager 2026 game is being released on Unity next month.

Should I buy it or avoid, as I've heard nothing bad bad stuff about Unity.

Professional Noticer · Oct 6, 2025

deleuzeon said:
Godot would be much smarter for most of them business-wise, since it's open-source and has no licensing fees.

Is sounds good in paper, but Godot is just not strong enough for a lot of stuff, especially in the 3D department.

You can put together a few assets in Unreal Engine 5 in 30 minutes and mess with the lightning and you end up with something that legit looks like a AAA game. The lighting system especially is incredible in Unreal, while also being really heavy (which is why Unreal games tend to chug a lot, but that's mostly because devs put everything to max and don't optimise at all).

Godot really can't compete with that level of graphics. For indies it doesnt matter as much of course. But the AAA companies wouldn't sell as many copies of their games if their graphics were mid.

Prokhor Zakharov said:
I think I remember something happening with Godot, it was taken over by trannies, or something like that. So that's not a viable option any longer.

Yes, but that doesn't really apply to the engine at all. It was just a community manager or some shit. As long as you aren't posting on their gay little forums it really doesn't matter.
And an Open Source thing it has a lot of people contributing to it, which yes will always include some retards.

I was there during the Redot fork, but they were kinda directionless. Good idea, but most of us (including myself) were just there complaining about it being bullshit but most of us didn't have the skills to contribute anything meaningful considering most of us were amateur game devs. Im sure its better now but I'm not sure I wanna fuck around with Redot when Godot is still being updated.

Anyway, all the engines have problems. You just have to pick your poison:

Unreal Engine - You have to deal with the dogshit blueprint system, but overall its a good choice. They only take money if you make a ton of money (I believe a million USD?), so its a good choice for indies as 99% will never reach that amount. Theres lot of support and games look good by default. Its just not great for smaller scale games (like indies) because its heavy.
Unity - A ton of support out there for this one, but the company has shown to be filled with retards. They wanted to fucking rob everyone that used their engine, even people that made free games. Will it happen again? Maybe, maybe not, but i would urge anyone to consider NOT using this. They are not reliable and hey have shown to be malicious.
Godot - Good, easy to learn, lightweight. Some documentation but not as much as the other 2. Not very suitable for "real" big complex games.
RPG Maker - Easy to use, but its RPG maker. The games all look the same when you make them in RPG maker. Still, theres a lot of classics made with this engine. It's still producing bangers to this day (Don't Look Outside is an amazing game that came out just a couple of months ago). Also you need to pay for it upfront (but its not a lot).
Gamemaker - I don't have a lot of experience with Gamemaker but its also a good choice from what I heard.
Ren'py - Literally just used for Visual Novels, but hey, its a start if you have a good narrative idea. Free and Open Source as well. You can learn it in a few mins and make a funny story about lolcows for the next Kiwi GameJam.

Theres more but no one cares about the other ones. They exist but its not worth learning unless they have a very specific niche (like RenPy for Visual Novels).
Godot might not be perfect but as someone that loves open source and not being tied to companies, its still the best out there for me. If you wanna go into real pro development I would learn Unreal instead. Unity can go suck a dick for all I care.

deleuzeon · Oct 6, 2025

Professional Noticer said:
Is sounds good in paper, but Godot is just not strong enough for a lot of stuff, especially in the 3D department.

You can put together a few assets in Unreal Engine 5 in 30 minutes and mess with the lightning and you end up with something that legit looks like a AAA game. The lighting system especially is incredible in Unreal, while also being really heavy (which is why Unreal games tend to chug a lot, but that's mostly because devs put everything to max and don't optimise at all).

Godot really can't compete with that level of graphics. For indies it doesnt matter as much of course. But the AAA companies wouldn't sell as many copies of their games if their graphics were mid.

Yeah I agree, I was only speaking to indie situations really. The rendering abilities can seduce you, but then you end up trying to compete with other games that have AAA visuals when you don't have a AAA budget. It's arguably wiser to use an engine with less ability to go and overscope yourself visually, so you have to focus on fun.

George Lucas · Oct 6, 2025

Professional Noticer said:
Im really surprised Unity is such a big deal in game development considering the pricing shit they pulled off a few years ago. I know they reverted it but I will never trust them again.
I would figure most of devs would have switched to UE or Godot, but I assume they didn't because they are used to Unity. A lot of skills are transferable but it's of course its not that simple.

I do some minor game jams here and there and I always use Godot, its really lightweight and easy to use. It's also open source so its constantly improving even if its still rough.
I understand that for AAA companies it might not be enough, but its pretty good for smaller indie projects, which is literally 95% of the games I play nowadays. I recommend anyone interested in game dev to start with it.

Because Unity doesn’t make much money off the single-member businesses anyway. The money is in medium and large businesses that don’t really care about recurring license fees because that’s already the pricing model for all the other software their business uses.

Unity Security Update Advisory (CVE-2025-59489)

Orphaned Punk

I wanna be your clip!

Attachments

John Badman

George Lucas

Literal troll account

30+GameOvers

THINK ON YOUR SINS

Borax Bozo

Here until I can finally rest.

Croak & Caw

PhoBingas

There are Bosnians outside my house.

Nameless One

Lord Of War

BigGuyOS 6 : Jovial Janny

Crashing the kernel with no survivors

Smaug's Smokey Hole 2

Forgettable2

Prokhor Zakharov

The Researcher Is a Skeptic and a Pessimist

Professional Noticer

Ackshually, I just noticed something...

Prokhor Zakharov

The Researcher Is a Skeptic and a Pessimist

deleuzeon

loquacious