Cyber Resilience

CVE-2021-47852

High · Public PoC

Published: 21 January 2026

Modified: 15 April 2026
CVSS Score v4: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0020 (9.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2021-47852 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Rockstargames (inferred from references). Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Services File Permissions Weakness (T1574.010). The CVE ranks at the 9.6th percentile for exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).

Deeper analysis

CVE-2021-47852 is a privilege escalation vulnerability in Rockstar Games Launcher version 1.0.37.349, stemming from weak permissions on the RockstarService.exe service executable (CWE-276: Incorrect Default Permissions). This flaw allows authenticated users to modify the executable, enabling replacement with a malicious binary. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

An attacker with low-privilege authenticated access to the system can exploit this remotely with low complexity and no user interaction required. By overwriting RockstarService.exe, the attacker can execute arbitrary code at service startup, such as creating a new administrator user account, thereby achieving full elevated system access with high confidentiality, integrity, and availability impacts.

Advisories, including those from VulnCheck detailing the insecure file permissions, and a proof-of-concept exploit on Exploit-DB (49739), underscore the issue without specifying vendor patches in available references. The official Rockstar Games Launcher page provides context on the affected component. No real-world exploitation in the wild is detailed in the provided information.

Vulnerability details

Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated system access.

CWE(s)

CWE-276: Incorrect Default Permissions

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1574.010 Services File Permissions Weakness Stealth
Adversaries may execute their own malicious payloads by hijacking the binaries used by services.
Why these techniques?

Weak file permissions on the Windows service executable directly match Services File Permissions Weakness, enabling binary replacement for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-55930 (Shared CWE-276)
CVE-2025-24915 (Shared CWE-276)
CVE-2025-8432 (Shared CWE-276)
CVE-2025-10314 (Shared CWE-276)
CVE-2025-57625 (Shared CWE-276)
CVE-2021-47761 (Shared CWE-276)
CVE-2025-60262 (Shared CWE-276)
CVE-2020-37129 (Shared CWE-276)
CVE-2025-8031 (Shared CWE-276)
CVE-2025-24170 (Shared CWE-276)

Affected Assets

Rockstargames
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Restricts access to system components like the RockstarService.exe to privileged accounts only, preventing low-privileged authenticated users from overwriting it with a malicious binary.

prevent

Ensures secure configuration settings are established and implemented, including tight file permissions on service executables to block unauthorized modifications.

prevent

Enforces least privilege on access rights, ensuring weak permissions on RockstarService.exe are not granted to low-privileged users, mitigating privilege escalation.
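
One way to audit for the condition these controls address is to list every Windows service executable whose ACL grants write-type rights to a principal outside a trusted set. This is an added example, not code from the advisory or the vendor; the trusted SID list and the helper name `Get-ServiceBinaryPath` are assumptions to adapt to your environment.

```powershell
# Added example (not vendor code): list service executables writable by non-trusted principals.
# Assumption: only these well-known SIDs should be able to modify a service binary.
$TrustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)

# Rights that let a principal replace the file or re-grant itself access to it.
$RiskyRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

# Hypothetical helper: extract the executable path from a service's PathName,
# which may be quoted and may carry command-line arguments.
function Get-ServiceBinaryPath {
    param([string]$PathName)
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc = $_
    $exe = Get-ServiceBinaryPath -PathName $svc.PathName
    if (-not $exe -or -not (Test-Path -LiteralPath $exe -PathType Leaf)) { return }

    $acl = Get-Acl -LiteralPath $exe -ErrorAction SilentlyContinue
    if (-not $acl) { return }   # unreadable ACL: skip rather than guess

    # Request SIDs instead of account names so the check is locale-independent.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band [int]$RiskyRights) -eq 0) { continue }
        [pscustomobject]@{
            Service   = $svc.Name
            RunsAs    = $svc.StartName
            Binary    = $exe
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
        }
    }
} | Format-Table -AutoSize -Wrap
```

A row naming a broad group such as `S-1-5-32-545` (Users) or `S-1-5-11` (Authenticated Users) against a service that runs as LocalSystem is the CWE-276 pattern described for RockstarService.exe, and the fix is to remove that ACE from the binary.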
