CVE-2025-61973
📋 TL;DR
A local privilege escalation vulnerability exists in Epic Games Store installation via Microsoft Store where low-privilege users can replace DLL files during installation. This allows attackers to execute arbitrary code with elevated SYSTEM privileges. Affects users installing Epic Games Store through Microsoft Store on Windows systems.
💻 Affected Systems
- Epic Games Store
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains full SYSTEM privileges on the target machine, enabling complete system compromise, persistence installation, credential theft, and lateral movement.
Likely Case
Local attacker escalates privileges to install malware, backdoors, or access protected resources they shouldn't have access to.
If Mitigated
Limited impact if proper user privilege separation exists and installation occurs in controlled environments.
🎯 Exploit Status
Exploit requires local access and timing during installation process. Technical details available in Talos report.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Latest version from Microsoft Store
Vendor Advisory: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2279
Restart Required: No
Instructions:
1. Open Microsoft Store 2. Click Library 3. Find Epic Games Store 4. Click Update or Get Updates 5. Ensure latest version is installed
🔧 Temporary Workarounds
Install via Epic Games website
windowsInstall Epic Games Launcher directly from Epic Games website instead of Microsoft Store
Restrict installation permissions
windowsConfigure Group Policy to restrict who can install applications from Microsoft Store
🧯 If You Can't Patch
- Restrict standard user access to installation directories and temporary folders
- Monitor for DLL replacement activities during software installation processes
🔍 How to Verify
Check if Vulnerable:
Check if Epic Games Store was installed via Microsoft Store and if it's an older versionCheck Version:
Check Microsoft Store > Library > Epic Games Store for version infoVerify Fix Applied:
Verify Epic Games Store shows as updated in Microsoft Store and check version number📡 Detection & Monitoring
Log Indicators:
- DLL file modifications during installation processes
- Unexpected privilege escalation events
- File system changes in installation directories
Network Indicators:
- No network indicators - local exploit only
SIEM Query:
EventID=4688 OR EventID=4689 with process creation during Epic Games installation OR File modification events in installation directories