Car Mechanic Simulator 2021

Security flaw in CMS 2021
Just a warning, CMS21 is subject to a CVE security flaw in Unity.

Details:
https://unity.com/security/sept-2025-01
Based on UnityPlayer.dll in the installation folder, it is using Unity 2020.3.41f1, which is patched by version 2020.3.49f1.

I hope the developers are working on this.
Showing 1-3 of 3 comments
Me too. In the meantime, anyone who has mods or other files downloaded on their system within the last 8 years should do an update check for their Anti-Virus software and run a full system scan. Hopefully, you don't have any malicious files on your system that have been exploiting the Unity vulnerability during these last 8 years... the length of time that security software may not have been aware of it. Security software companies should currently have updated for this vulnerability. I'd check to be sure. If not, get a different one that does and run the system scan.
Alshain 4 Oct @ 8:07am 
You should also check other Unity games you play. Find the DLL and look at its file properties to determine the version, then compare it against the CVE list linked above.

Don't assume developers are paying attention, they may not know. If you find one, do what you can to let them know. Even if the game is no longer in development, this is the type of issue that needs to be patched if they are still selling it. As a developer, I can tell you it's usually an easy thing to do. I had to do it not long ago for a similar issue in .NET Standard 2.0 and it was as simple as changing the target framework version and sending it off to my build server. Took me 5 minutes.
Alshain 12 Oct @ 7:37am 
I wrote this for someone asking on the KSP forums, figured I'd drop it here for anyone curious. Just to note, CMS 2021 does use DRM so the patcher mentioned may corrupt the game, or at the very least make everything blue.

There is a known security flaw in virtually every version of Unity since 2017 unless the game has been patched (KSP has not).

However, this flaw was discovered by a professional that informed Unity without divulging details to the public, so right now it's unlikely any bad actors are utilizing it yet (they'd have to find it first).

But this doesn't mean it can't happen.

This affects many games.
How to tell if your game is affected:
1. Navigate to the game installation folder, typically in Steam apps if on Steam.

2. Right click UnityPlayer.dll and click properties.

3. Look in the metadata for the file version.

This is the game's Unity version. Compare that version to the long list here to determine if it is updated.
https://unity.com/security/sept-2025-01

Keep in mind, games do not need to update to the latest Unity engine to fix the patch, on older games this would be difficult. They only need to update to the patched version listed for the engine major version they are using (so for Unity 2019.3 it needs to be 2019.3.17f1, it does not need to be Unity 6000.3 as that would be practically redeveloping the whole game).

Ideally the developer would patch all their games. As a developer I can tell you this doesn't take much time, even on games no longer in development. If you find one not patched you should make a request to the developer. Unfortunately some games, like KSP, are in an extremely unknown state. We don't even know who the developer is anymore really. In this case you can use the patcher posted in an earlier post to do it yourself. This will work with KSP but may break games using DRM.
https://unity.com/security/sept-2025-01/remediation

Feel free to copy this explanation everywhere it is required. The more games we get patched, the more we all win... Except the bad actors, they lose.
Last edited by Alshain; 12 Oct @ 7:38am
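
The manual check described in the post above (read the version from UnityPlayer.dll, then compare it with the patched build for the same release stream), as an added PowerShell example that is not part of the original thread. The library path and the use of the ProductVersion field are assumptions, and the table holds only the two patched builds quoted in the thread.

```powershell
# Added example, not from the thread: list Unity runtime versions in a game library.
param(
    # Assumption: default Steam library path; pass -LibraryRoot for other locations.
    [string]$LibraryRoot = "${env:ProgramFiles(x86)}\Steam\steamapps\common"
)

# Patched build per release stream. Only the two builds quoted in the thread are
# listed; fill in the other streams from the advisory table.
$Patched = @{
    '2020.3' = '2020.3.49f1'
    '2019.3' = '2019.3.17f1'
}

function ConvertTo-UnityVersion {
    param([string]$Text)
    # Parses e.g. "2020.3.41f1", also when followed by a build hash in parentheses.
    if ($Text -match '(\d+)\.(\d+)\.(\d+)[abfp](\d+)') {
        [pscustomobject]@{
            Stream = "$($Matches[1]).$($Matches[2])"
            Patch  = [int]$Matches[3]
            Build  = [int]$Matches[4]
            Text   = $Matches[0]
        }
    }
}

Get-ChildItem -Path $LibraryRoot -Filter UnityPlayer.dll -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Assumption: ProductVersion holds the engine version string (e.g. "2020.3.41f1").
        $found  = ConvertTo-UnityVersion $_.VersionInfo.ProductVersion
        $status = 'Version not parsed, check the file properties by hand'
        if ($found) {
            $fixedText = $Patched[$found.Stream]
            if (-not $fixedText) {
                $status = 'Stream not in table, look it up in the advisory'
            } else {
                # Compare within the same stream only; suffix letters are treated alike.
                $fixed = ConvertTo-UnityVersion $fixedText
                $ok = ($found.Patch -gt $fixed.Patch) -or
                      ($found.Patch -eq $fixed.Patch -and $found.Build -ge $fixed.Build)
                $status = if ($ok) { "At or above $fixedText" } else { "Below $fixedText" }
            }
        }
        [pscustomobject]@{
            Game    = $_.Directory.Name
            Version = if ($found) { $found.Text } else { $_.VersionInfo.FileVersion }
            Status  = $status
        }
    } | Format-Table -AutoSize
```

Games installed in additional Steam library folders or other launchers need a separate run with `-LibraryRoot` pointed at each location.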