I’ve now completed patching my games for CVE-2025-59489. This is the final tally of games that received a fix:
- Shattered: Why Not Me
- In The Middle Of The Night
- A Dream Of Valhalla [Hotfix, 1.2.0 and 1.1.1]
- At The Break Of Dawn [Hotfix]
- The Crystal Tower
- Shattered 2
- See Who I Am
- Project D759 [Hotfix]
- SE7ENGOKU
- You have to make the game [Hotfix]
- By The Meridiem Gleam
- The Excessive Sound Guys [Hotfix]
- Starlight Nights
- Shattered 3
- Boulder’s Gate 4
- Smash up the stealership!
If it’s not in that list, it has not been updated and likely never will be. Unless otherwise noted, only the latest version has been updated. Items suffixed Hotfix were patched without a rebuild or version number change, with the files simply labelled as hotfixes. In all cases, the included README files have been updated with a mention of the fix.
To be honest, this whole exercise has felt a bit futile. While it’s not good practice to leave vulnerabilities lying around and I’ve approached it from that angle, most very small indies aren’t bothering to update their old games, and with that expectation in mind system-level mitigations are already being put in place. Of all the possible attack vectors, is it really going to be one of my indiest-of-indie games?
I think this covers things reasonably well. Most of my games from the past few years have been patched, and all the main series games (including a few I had to upgrade the Unity version on). Of course, all future games will be built with versions of Unity that are not vulnerable.