CVE-2025-61973 is a vulnerability classified under CWE-284 (Improper Access Control) affecting Epic Games Store version 14.6.2.0 during its installation process via the Microsoft Store on Windows platforms. The flaw arises because the installer does not adequately restrict access to a DLL file that is loaded during installation, allowing a low-privilege user to replace this DLL with a malicious one. This DLL hijacking leads to local privilege escalation, enabling the attacker to execute code with elevated privileges, potentially SYSTEM level. The vulnerability does not require user interaction beyond initiating the installation and can be exploited by any user with low privileges on the system. The CVSS v3.1 score of 8.8 reflects the high impact on confidentiality, integrity, and availability, as the attacker can gain control over the system, manipulate sensitive data, or disrupt system operations. While no public exploits are known yet, the vulnerability's nature and the widespread use of Epic Games Store make it a critical concern. The vulnerability was reserved in October 2025 and published in January 2026, with no patches currently listed, indicating that mitigation relies on vendor updates and local security controls.

For European organizations, this vulnerability poses a significant risk, especially in environments where Epic Games Store is installed on shared or multi-user Windows systems. An attacker with low privileges could escalate to administrative rights, compromising system security, stealing sensitive data, or deploying malware. This could lead to operational disruptions, data breaches, and loss of trust. Gaming companies, educational institutions, and enterprises with gaming on employee devices are particularly vulnerable. The ability to escalate privileges locally may also facilitate lateral movement within networks, increasing the attack surface. Given the high CVSS score and the potential for full system compromise, the impact on confidentiality, integrity, and availability is severe. Organizations that do not restrict local user permissions or monitor installation processes are at higher risk. The lack of known exploits in the wild suggests a window of opportunity for proactive defense before widespread exploitation occurs.

1. Immediately restrict local user permissions to prevent unauthorized file modifications during software installations. 2. Implement application whitelisting and integrity monitoring to detect unauthorized DLL replacements during installation. 3. Use Windows Group Policy to limit which users can install or update software, especially from the Microsoft Store. 4. Monitor installation directories and temporary folders for suspicious file changes or DLL replacements. 5. Educate users about the risks of installing software from untrusted sources or without proper privileges. 6. Coordinate with Epic Games for timely patch deployment once available; prioritize patching affected versions. 7. Employ endpoint detection and response (EDR) solutions to identify anomalous privilege escalation attempts. 8. Consider isolating gaming environments or using virtual machines to limit the impact of potential exploits. 9. Regularly audit local accounts and remove unnecessary privileges to reduce the attack surface. 10. Maintain up-to-date backups to recover from potential compromise resulting from exploitation.