Small Security Patch Out Now
Greetings fellow dwarves!
We just put out a small update that fixes a security vulnerability (CVE-2025-59489) inside of the game engine that powers our game (Unity Engine). Since this is a very small update that is purely to resolve this problem, there will be no version number change.
The next upcoming update (The Combat Update) will also have this security patch, as well as every update after that (of course!).
[h3]Extra information about this vulnerability (CVE-2025-59489)[/h3]
This video covers this news very well: https://www.youtube.com/watch?v=toRGh5NVAbs
But there is a few takeaways that I want to make towards all of this:
#1 Steam and various other platforms have taken measures to protect us from people who may try to exploit this.
#2 From my own research, it appears that the vulnerability does not "happen" while the game is running. The vulnerability exists in how programs can take in additional data (launch parameters, command arguments, whatever you want to call them). So the exploit involves launching the game with very very specific launch parameters that allows an attacker to execute code outside the game itself (which could steal your data, or do many other bad things) by using the permissions of the game itself to bypass antivirus.
What this means for you is, in order for this to be used against you, you have to click on something (like a link or button) that launches the game with this "evil input data" that performs the exploit. So for most people, your not going to be randomly hacked out of nowhere just by having the game installed on your computer, or if you run the game without any additional data, such as if you were to double click on the .exe itself.
The exploit is still there, which is not great, but that is why we are patching it. So there is no chance of it being taken advantage of.
But again, with all this being said. We have patched this issue so it is no longer a problem. I am only mentioning all of these details to help keep people informed. And also because I know some people may want to run older versions of the game in the future. So I am saying all this to maybe give some people a bit of peace of mind that the game being actively running on your PC isn't exposing you, and that typical internet precautions are enough to keep you safe (don't click on shady stuff).
We just put out a small update that fixes a security vulnerability (CVE-2025-59489) inside of the game engine that powers our game (Unity Engine). Since this is a very small update that is purely to resolve this problem, there will be no version number change.
The next upcoming update (The Combat Update) will also have this security patch, as well as every update after that (of course!).
[h3]Extra information about this vulnerability (CVE-2025-59489)[/h3]
This video covers this news very well: https://www.youtube.com/watch?v=toRGh5NVAbs
But there is a few takeaways that I want to make towards all of this:
#1 Steam and various other platforms have taken measures to protect us from people who may try to exploit this.
#2 From my own research, it appears that the vulnerability does not "happen" while the game is running. The vulnerability exists in how programs can take in additional data (launch parameters, command arguments, whatever you want to call them). So the exploit involves launching the game with very very specific launch parameters that allows an attacker to execute code outside the game itself (which could steal your data, or do many other bad things) by using the permissions of the game itself to bypass antivirus.
What this means for you is, in order for this to be used against you, you have to click on something (like a link or button) that launches the game with this "evil input data" that performs the exploit. So for most people, your not going to be randomly hacked out of nowhere just by having the game installed on your computer, or if you run the game without any additional data, such as if you were to double click on the .exe itself.
The exploit is still there, which is not great, but that is why we are patching it. So there is no chance of it being taken advantage of.
But again, with all this being said. We have patched this issue so it is no longer a problem. I am only mentioning all of these details to help keep people informed. And also because I know some people may want to run older versions of the game in the future. So I am saying all this to maybe give some people a bit of peace of mind that the game being actively running on your PC isn't exposing you, and that typical internet precautions are enough to keep you safe (don't click on shady stuff).