CVE-2025-61973

High · LPE

Published: 15 January 2026

Modified: 15 April 2026
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0014 (3.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-61973 is a high-severity Improper Access Control (CWE-284) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Executable Installer File Permissions Weakness (T1574.005). The CVE ranks at the 3.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-61973 is a local privilege escalation vulnerability affecting the installation process of the Epic Games Store when installed via the Microsoft Store. It allows a low-privilege user to replace a DLL file during installation, potentially leading to unintended elevation of privileges. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-284 (Improper Access Control).

A local attacker with low privileges can exploit this vulnerability by replacing the targeted DLL file while the Epic Games Store installation is in progress through the Microsoft Store. Successful exploitation lets the attacker elevate privileges, with high impact on the confidentiality, integrity, and availability of system resources. The vector's scope is changed (S:C), meaning the impact extends beyond the vulnerable component itself.

Mitigation details and further technical analysis are available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2279.

Vulnerability details

A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, which may result in unintended elevation of privileges.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1574.005 Executable Installer File Permissions Weakness (tactic: Stealth)
Adversaries may execute their own malicious payloads by hijacking the binaries used by an installer.

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Replacing a DLL used by the local installer maps to Executable Installer File Permissions Weakness, and the resulting elevation maps to Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-20628 · Shared CWE-284
CVE-2025-48619 · Shared CWE-284
CVE-2025-21405 · Shared CWE-284
CVE-2026-24303 · Shared CWE-284
CVE-2026-24290 · Shared CWE-284
CVE-2026-41086 · Shared CWE-284
CVE-2026-48904 · Shared CWE-284
CVE-2026-35243 · Shared CWE-284
CVE-2025-24076 · Shared CWE-284
CVE-2024-38310 · Shared CWE-284

Mitigating Controls (NIST 800-53 r5) AI

AC-3 (prevent): enforces approved authorizations preventing low-privilege users from replacing DLL files during installation, directly addressing the improper access control vulnerability.

AC-6 (prevent): applies least privilege to installation processes and users, mitigating privilege escalation from DLL replacement by limiting necessary access.

CM-5 (prevent): restricts access to changes during the Epic Games Store installation, preventing unauthorized DLL file modifications by low-privilege users.
