CVE-2025-61973 is a local privilege escalation vulnerability identified in the Epic Games Store installer distributed through the Microsoft Store, specifically affecting version 14.6.2.0. The vulnerability arises from improper access control (CWE-284) during the installation process, where a low-privilege user can replace a Dynamic Link Library (DLL) file. This DLL hijacking allows the attacker to execute arbitrary code with elevated privileges, potentially gaining full administrative rights on the affected Windows system. The attack vector is local (AV:L), requiring the attacker to have some level of access to the machine but no user interaction (UI:N) is needed once the conditions are met. The vulnerability has a scope change (S:C), meaning the impact extends beyond the initially compromised component, affecting the entire system's confidentiality, integrity, and availability (all rated high). Although no exploits are currently known in the wild, the high CVSS score of 8.8 indicates a significant risk if weaponized. The vulnerability is particularly concerning because it leverages the installation process, a routine operation that may not be closely monitored, allowing stealthy privilege escalation. Since the Epic Games Store is widely used on Windows platforms, this vulnerability could be exploited by malicious insiders or malware that gains limited user access, enabling full system compromise. The lack of an available patch at the time of publication necessitates immediate risk mitigation strategies.

For European organizations, this vulnerability poses a serious risk, especially in environments where the Epic Games Store is installed or where users have local access to systems running Windows. The ability for a low-privilege user to escalate privileges can lead to unauthorized access to sensitive data, installation of persistent malware, or disruption of critical services. This is particularly impactful for organizations with shared workstations, gaming development companies, or educational institutions where multiple users have local accounts. The compromise of confidentiality, integrity, and availability could result in data breaches, intellectual property theft, or operational downtime. Additionally, since the vulnerability exploits the installation process, it could be used to bypass existing endpoint security controls. The threat is amplified in sectors with high regulatory requirements such as finance, healthcare, and government agencies within Europe, where data protection and system integrity are paramount. The absence of known exploits currently provides a window for proactive defense, but the high severity score underscores the urgency of addressing this vulnerability.

1. Immediately restrict local user permissions to prevent unauthorized file modifications during software installations. 2. Monitor and audit the installation directories and processes of the Epic Games Store for any unauthorized DLL replacements or suspicious file activity. 3. Employ application whitelisting and code integrity policies to ensure only trusted binaries and DLLs can be loaded during installation. 4. Use endpoint detection and response (EDR) tools to detect anomalous behavior indicative of privilege escalation attempts. 5. Educate users about the risks of running installers from untrusted sources and the importance of maintaining least privilege principles. 6. Coordinate with Epic Games and Microsoft Store to obtain and apply security patches as soon as they are released. 7. Consider temporarily restricting or controlling the installation of the Epic Games Store in sensitive environments until the vulnerability is remediated. 8. Implement network segmentation to limit the lateral movement potential if a system is compromised via this vulnerability.