This must be some kind of mistake, but it appears as if Pillars of Eternity and Wasteland 3 have been delisted in all their editions, and with all their DLCs.

Also As Dusk Falls.

I was about to say maybe new region locked matter, but nope says the same on my end and even looked it up found this as the official reason given
https://support.inxile-entertainment.com/hc/en-us/articles/41796807232148-Unity-Games-Delisted-Due-to-Vulnerability

Ah, that makes a lot of sense. Feels a bit overblown to me, but as they should return 'soon', I guess it doesn't matter too much.

(And The Bard's Tale Trilogy indeed also got delisted; I saw that initially, but filtered it out since it is still being sold via The Bard's Tale IV: Director's Cut - Deluxe Edition.)

Agreed and at least this delisting doesn't deal with greed or some expired license those involved refuse to renew. but rather some security based reason

The Bard's Tale Trilogy and Wasteland Remastered (another one which was gone) are back.

My understanding is even the other big game platform warned people to not download certain games, until a patch was issued. hopefully that's the case here.

While commendable, I don't see how this approach of patching games by developers will help. There are hundreds, if not thousands, of post 2017 Unity games on GOG, many of which are no longer being maintained. If we are to wait for the developers --- some of which cannot even be bothered to update their games on GOG when they do so on Steam --- the vulnerability will never be fully removed from GOG's repository. It should be GOG's responsibility to patch all the games (except those already explicitly patched by the developers), with or without the developers' approval.

More like it should be Unity's responsibility to release a generic patch that, when executed, will search the installed games for affected ones and, with user approval, patch those it finds, and also allow the user to select folders (if they don't want to let it scan or have portable games that can't be detected by checking installed programs) and have it check whether the game in that folder needs the patch, and apply it if so. Because we're looking at tens of thousands of affected games, and many will be little indies or freeware, maybe abandoned or delisted, never getting patched by either dev or store, and even for those that do get patched, getting all the patches may be tedious and frustrating... And in some cases a potential threat in itself, as I can see this scare being exploited by some who'd release malware posing as patches. Maybe even exploiting this very vulnerability, knowing that those who'd run them are affected.

I found this but I don't know if we can patch it ourselves or the developer can only do it.
https://discussions.unity.com/t/cve-2025-59489-patcher-tool/1688032

They have already released such a patch.I don't know if it searches through all installed games (probably not), but it does allow gamers to patch their own games, one at a time.

But with GOG's approach of using downloadable installers (unlike steam, which uses fully installed downloadable games), it's a problem because you need to install each game in order to patch your backed up games. That's why GOG needs to apply the patch, before they build the installers.

True, that needs to be patched by GOG for the games they sell, but for installed games, regardless of where they were from, there needs to be a tool. I mean, the user shouldn't have to figure out whether a game is affected or not on their own.

As I said, Unity has already released such a tool. Did not try it myself yet.

Hello Cavalary and mrkgnao!

I agree that GOG.COM has the obligation to patch the corresponding games on their end in order to provide clean offline installers.
On the other hand, it means that everyone has to replace the already downloaded and backed up installer files or have an offline patch tool available to install and afterwards patch any game purchased based on Unity game engine.


Of course, it is not a validation, but I tried to identify which Unity version is being used by the games I have currently installed on my machine (including those that were deinstalled already but kept left over files, such as configurations and save files).

The result was that you have to look for one of the following log files on your computer:
'output_log.txt' or 'Player.log'


For Windows and for earlier Unity versions (in my experience up to Unity version 5)
you have to look for:
* 'output_log.txt'
in:
* [game_install_directory]\[game_name]_Data\

And for later or more recent Unity versions (Unity 2017+)
you have to look for:
* 'output_log.txt' or
* 'Player.log' or
* 'Player-prev.log'
in:
* C:\Users\[user_name]\AppData\LocalLow\[game_company_name]\[game_name]\


A list of affected Unity engine versions can be found on this site:

affected Unity Engine versions

Which currently lists the following information:

- affected from 6000.3 before 6000.3.0b4
- affected from 6000.2 before 6000.2.6f2
- affected from 6000.0 LTS before 6000.0.58f2
- affected from 2022.3 xLTS before 2022.3.67f2
- affected from 2021.3 xLTS before 2021.3.56f2
- affected from 6000.1 before 6000.1.17f1
- affected from 2023.2 before 2023.2.22f1
- affected from 2023.1 before 2023.1.22f1
- affected from 2022.3 LTS before 2022.3.62f2
- affected from 2022.2 before 2022.2.23f1
- affected from 2022.1 before 2022.1.25f1
- affected from 2021.3 LTS before 2021.3.45f2
- affected from 2021.2 before 2021.2.20f1
- affected from 2021.1 before 2021.1.29f1
- affected from 2020.3 before 2020.3.49f1
- affected from 2020.2 before 2020.2.8f1
- affected from 2020.1 before 2020.1.18f1
- affected from 2019.4 LTS before 2019.4.41f1
- affected from 2019.3 before 2019.3.17f1
- affected from 2019.2 before 2019.2.23f1
- affected from 2017.1.2p4 before 2019.1.15f1

These informations might help anyone to make a better informed decision, whether they need or should uninstall (not touch again) upon certain Unity-based games they have.


For me, there is still one doubt, though:
Could this vulnerability being taken advantage of even if one does not launch the corresponding game again until it is patched or is the mere presence of the game and its engine sufficient to be a danger?

(Is there an actual need to uninstall affected games or would it be sufficient to not start/play them until they are patched?)

Kind regards,
foxgog

P.S. I have tried it. It's very easy to use, takes a few seconds, and changes just one file (UnityPlayer.dll). It can fix Windows, Mac, and Android games, but not Linux ones.

Hello alexandros050!

I am curious about this, as well. Does it mean that affected games would only need a replacement of their 'UnityPlayer.dll' file?

Then why, is not Unity simply providing the corresponding file (or files if different engine versions require a different dll file) directly?

I do not want to download and execute an online-only patch tool of which I do not know what it is actually doing...

Kind regards,
foxgog

P.S.: Looking for this very 'UnityPlayer.dll' file on my installed Unity-based games, I realized that it is an even easier method to identify the version of the used Unity engine of a game!
Older (and presumably not affected Unity Engine games do not even have this dll file in their game directory, while the affected versions include it in the game's main directory. And upon right-clicking on this dll-file, selecting "Properties" and looking at the tab for "Details" you can read the file's and game engine's version number there!

[Edit:]
Upon further investigating, I see the need for version dependent dll-file replacements. They are significantly different in file sizes, for instance, between 16 MB and 29 MB in sample cases.

@mrkgnao:
I assume then, that the patch tool has to identify the corresponding engine version and downloads only the respective updated dll file?
How does it work in practice? Do you point the tool to the install directory or does it scan your whole system for existing game installs?