Cyber Posture

CVE-2021-47852

High · Public PoC

Published: 21 January 2026

Modified: 15 April 2026
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0003 (9.2th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-47852 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Rockstargames (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, it is ranked at the 9.2th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Restricts access to system components like the RockstarService.exe to privileged accounts only, preventing low-privileged authenticated users from overwriting it with a malicious binary.

prevent

Ensures secure configuration settings are established and implemented, including tight file permissions on service executables to block unauthorized modifications.

prevent

Enforces least privilege on access rights, ensuring weak permissions on RockstarService.exe are not granted to low-privileged users, mitigating privilege escalation.
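
One way to check a host for the condition these controls address, as an added PowerShell example that is not from the advisory or the vendor: it lists every Windows service whose executable grants write, delete or ACL-change rights to broad user groups. The SID list, the rights mask and the helper name Get-ServiceExePath are this example's own assumptions.

```powershell
# Added example (not vendor or advisory code): list service executables that
# broad, low-privileged groups may modify, the CWE-276 condition described above.

# Well-known SIDs of groups every ordinary logged-on user belongs to.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow rewriting or replacing the file or changing its ACL, plus
# the raw GENERIC_WRITE / GENERIC_ALL bits, which Get-Acl can report unmapped.
$r = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($r::WriteData -bor $r::AppendData -bor $r::Delete -bor
    $r::ChangePermissions -bor $r::TakeOwnership) -bor 0x40000000 -bor 0x10000000

# Hypothetical helper: pull the executable out of a service's command line.
function Get-ServiceExePath([string]$PathName) {
    if ($PathName -match '^\s*"([^"]+)"')  { return $Matches[1] }  # quoted path
    if ($PathName -match '^\s*(.+?\.exe)') { return $Matches[1] }  # unquoted path + args
    return $null
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc = $_
    $exe = Get-ServiceExePath $svc.PathName
    if (-not $exe -or -not (Test-Path -LiteralPath $exe -PathType Leaf)) { return }

    $acl = Get-Acl -LiteralPath $exe -ErrorAction SilentlyContinue
    if (-not $acl) { return }

    # Ask for SIDs directly so localized or unresolvable names do not matter.
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($_.IdentityReference.Value) -and
            ([int]$_.FileSystemRights -band $writeMask) -ne 0
        } |
        ForEach-Object {
            [pscustomobject]@{
                Service   = $svc.Name
                RunsAs    = $svc.StartName
                Path      = $exe
                Principal = $broadSids[$_.IdentityReference.Value]
                Rights    = $_.FileSystemRights
            }
        }
} | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so every service path is readable. An empty result means no service executable on the host is modifiable by the listed groups.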

NVD Description

Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated system access.

Deeper analysis · AI

CVE-2021-47852 is a privilege escalation vulnerability in Rockstar Games Launcher version 1.0.37.349, stemming from weak permissions on the RockstarService.exe service executable (CWE-276: Incorrect Default Permissions). This flaw allows authenticated users to modify the executable, enabling replacement with a malicious binary. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

An attacker with low-privilege authenticated access to the system can exploit this remotely with low complexity and no user interaction required. By overwriting RockstarService.exe, the attacker can execute arbitrary code at service startup, such as creating a new administrator user account, thereby achieving full elevated system access with high confidentiality, integrity, and availability impacts.

Advisories, including those from VulnCheck detailing the insecure file permissions, and a proof-of-concept exploit on Exploit-DB (49739), underscore the issue without specifying vendor patches in available references. The official Rockstar Games Launcher page provides context on the affected component. No real-world exploitation in the wild is detailed in the provided information.

Details

CWE(s)

Affected Products

Rockstargames
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-24107 (Shared CWE-276)
CVE-2024-53841 (Shared CWE-276)
CVE-2024-43166 (Shared CWE-276)
CVE-2026-32983 (Shared CWE-276)
CVE-2024-53840 (Shared CWE-276)
CVE-2025-24172 (Shared CWE-276)
CVE-2025-24093 (Shared CWE-276)
CVE-2024-11468 (Shared CWE-276)
CVE-2024-55959 (Shared CWE-276)
CVE-2025-24267 (Shared CWE-276)

References