Cyber Posture

CVE-2025-61973

High · LPE

Published: 15 January 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.5th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-61973 is a high-severity Improper Access Control (CWE-284) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Executable Installer File Permissions Weakness (T1574.005). It ranks at the 0.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Executable Installer File Permissions Weakness (T1574.005) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: AC-3 enforces approved authorizations, preventing low-privilege users from replacing DLL files during installation and directly addressing the improper access control vulnerability.

Prevent: AC-6 applies least privilege to installation processes and users, mitigating privilege escalation from DLL replacement by limiting access to what is necessary.

Prevent: CM-5 restricts access to changes during the Epic Games Store installation, preventing unauthorized DLL file modifications by low-privilege users.

MITRE ATT&CK Enterprise Techniques · AI

T1574.005 Executable Installer File Permissions Weakness (Stealth)
Adversaries may execute their own malicious payloads by hijacking the binaries used by an installer.

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Local installer DLL replacement enables executable installer file permissions weakness and exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, which may result in unintended elevation of privileges.

Deeper analysis · AI

CVE-2025-61973 is a local privilege escalation vulnerability affecting the installation process of the Epic Games Store when installed via the Microsoft Store. It allows a low-privilege user to replace a DLL file during installation, potentially leading to unintended elevation of privileges. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-284 (Improper Access Control).

A local attacker with low privileges can exploit this vulnerability by replacing the targeted DLL file while the Epic Games Store installation is in progress through the Microsoft Store. Successful exploitation lets the attacker elevate privileges, with high impact on the confidentiality, integrity, and availability of system resources. The changed scope (S:C) in the CVSS vector indicates that the impact extends beyond the vulnerable component itself.

Mitigation details and further technical analysis are available in the Talos Intelligence advisories at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2279 and https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2279.

Details

CWE(s)

CVEs Like This One

CVE-2025-54914 · Shared CWE-284
CVE-2025-21359 · Shared CWE-284
CVE-2025-24042 · Shared CWE-284
CVE-2026-2311 · Shared CWE-284
CVE-2026-0844 · Shared CWE-284
CVE-2026-23856 · Shared CWE-284
CVE-2026-35242 · Shared CWE-284
CVE-2025-24994 · Shared CWE-284
CVE-2026-27914 · Shared CWE-284
CVE-2026-20843 · Shared CWE-284

References