CVE-2025-61973 is a local privilege escalation vulnerability identified in Epic Games Store version 14.6.2.0, specifically during its installation process via the Microsoft Store on Windows platforms. The root cause is improper access control (CWE-284) that allows a low-privilege user to replace a Dynamic Link Library (DLL) file during installation. This DLL hijacking attack vector enables the attacker to execute arbitrary code with elevated privileges, potentially system or administrator level, without requiring user interaction. The vulnerability is classified with a CVSS v3.1 score of 8.8, reflecting high impact on confidentiality, integrity, and availability, and low attack complexity. The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially compromised component. Although no exploits have been observed in the wild yet, the vulnerability presents a significant risk due to the common presence of Epic Games Store on gaming and multimedia systems worldwide. The installation process's insufficient validation and access control on DLL files during setup is the critical failure point. This flaw could be leveraged by malicious local users or malware to gain persistent elevated access, potentially leading to system compromise, data theft, or disruption of services. The vulnerability highlights the need for secure installation procedures and strict file system permissions during software deployment.

The vulnerability allows a low-privilege user to escalate their privileges to higher levels, potentially system or administrator rights, which can lead to full system compromise. This impacts confidentiality by enabling unauthorized access to sensitive data, integrity by allowing modification or replacement of critical system files, and availability by potentially disrupting system or application operations. Organizations with shared or multi-user Windows environments where Epic Games Store is installed are particularly vulnerable. Attackers could leverage this flaw to install persistent malware, exfiltrate data, or disrupt gaming and related services. The high CVSS score reflects the severe consequences if exploited, especially in enterprise or gaming café environments where multiple users share systems. Although no known exploits exist currently, the vulnerability's nature and ease of exploitation make it a prime target for attackers once exploit code becomes available. The scope change indicates that the impact extends beyond the installation process, potentially affecting the entire system security posture.

1. Restrict installation permissions: Ensure only trusted administrators can install or update Epic Games Store to prevent unauthorized DLL replacement. 2. Implement strict file system ACLs on installation directories and temporary folders used during installation to prevent low-privilege users from modifying DLL files. 3. Monitor file integrity during installation using endpoint detection and response (EDR) tools to detect unauthorized DLL changes. 4. Employ application whitelisting to prevent execution of unauthorized DLLs or binaries. 5. Use Windows Defender Application Control (WDAC) or similar technologies to enforce code integrity policies. 6. Educate users and administrators about the risks of local privilege escalation and the importance of secure installation practices. 7. Apply patches or updates from Epic Games promptly once available. 8. Consider deploying installation in isolated or controlled environments where possible. 9. Audit and limit local user privileges to the minimum necessary to reduce attack surface. 10. Use security tools to detect suspicious DLL hijacking or replacement activities during installation.