Pentiment, Fallout Shelter, And More Pulled From Steam Due To Unity Security Vulnerability


Are you in the mood to play an inspired historical murder mystery game set in 16th-century Bavaria? Unfortunately, you may have to wait a bit because Obsidian Entertainment’s Pentiment has been temporarily taken off digital storefronts due to a security vulnerability discovered in Unity, the game’s engine. Other Microsoft-published games that use the engine have also been removed from Steam, including Fallout Shelter and Wasteland 3, and Microsoft has even encouraged users to uninstall their Unity games that haven’t been patched yet. Meanwhile, other Unity games have stayed up, such as Among Us, which received a lightning-fast update to address the issue.

On Friday, Unity posted on its CVE (Common Vulnerabilities & Exposures) Q&A forum that “a security vulnerability was identified that affects games and applications built on Unity versions 2017.1 and later for Android, Windows, Linux, and macOS operating systems. There is no evidence of any exploitation of the vulnerability, nor has there been any impact on users or customers.”

“We have proactively provided fixes that address the vulnerability, and they are already available to all developers,” the post clarifies. “The vulnerability was responsibly reported by the security researcher RyotaK, and we thank him for working with us.”

The post recommends that developers with games and applications already out in the wild “download the patched update for your version of the Unity Editor, recompile, and republish your application.” Unity also already has a tool to patch already-built applications for developers who don’t want to rebuild their projects.

As for the specifics of the vulnerability, the security engineer who discovered the bug, RyotaK, explained it in detail in a post for his company, GMO Flatt Security. The post explains that this vulnerability, tracked as CVE-2025-59489, allows malicious parties to control command line arguments passed to Unity applications, letting them “load arbitrary shared libraries (.so files) and execute malicious code.” It also allows applications installed on a device to “hijack permissions granted to Unity applications.” Put simply, a malicious party could piggyback off a Unity application to do bad things to your computer.

Unity has become one of the most popular gaming engines in recent years, so quite a few titles are potentially affected by the vulnerability. As of right now, Pentiment is still down from digital storefronts, but based on how quickly many other games were patched, hopefully, it will be back up soon.

 